First Lawsuits Filed in Response to Anthem Data Breach Disclosure | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

First Lawsuits Filed in Response to Anthem Data Breach Disclosure

February 9, 2015
by Mark Hagland
| Reprints
On Feb. 9, USA Today reported that the first lawsuits have already been filed as a result of the data breach experienced by the Indianapolis-based Anthem Health, and which Anthem had disclosed on Feb. 4.

On Feb. 9, USA Today reported that the first lawsuits have already been filed as a result of the data breach experienced by the Indianapolis-based Anthem Health, and which Anthem had disclosed on Feb. 4. According to the USA Today report, at least four had been filed by Monday morning, in Indiana, California, Alabama, and Georgia.

The breach of data security at the nation’s second-largest health insurance company, had been detected on Jan. 27, when an Anthem IS administrator discovered that outsiders were using his own security credentials to log into the company’s information system and stealing data. The hackers had succeeded in penetrating the system and stealing customer data sometime between Dec. 10 and Jan. 27, with attempts possibly having been made earlier in 2014, according to Anthem spokesperson Kristin Binns.

Hackers had gained access to a company database that included members’ names, birthdays, Social Security numbers, addresses, and employment data, including income, but not credit card information.

Monday morning’s USA Today story included  quotes from David Damoto, managing director at FireEye, a security firm brought in to help Anthem analyze the data breach, which may have affected up to 80 million people. “We… saw evidence that the attacker was interested in very specific information, in this case, the database,” Damoto told USA Today. “They did very methodical reconnaissance into the database,” adding that “Attribution takes a lot of data. I think everyone’s just speculating” as to whether Chinese hackers might have been involved, as some press reports citing unnamed sources have stated. “At this point in time, we’re working very closely with the FBI and we haven’t jointly provided any attribution,” Damoto added.

As the USA Today report noted, “Some have questioned why Anthem would have maintained a single database containing information about 80 million current and former members. However,” the report added, “in the healthcare industry, such databases are useful, said J.J. Thompson, the CEO of Rook Security, an Indianapolis-based computer security firm.”

The story quoted Thompson as saying, “If I have my security hat on, I’d say, ‘Never put all your eggs in one basket.’ But in the healthcare world, having the database could lead to better patient outcomes. But it should have been encrypted. I hope it was encrypted.”

All four lawsuits referenced in the USA Today article are class action lawsuits, filed against anthem and/or its affiliate subsidiaries or units, on behalf of large groups of plaintiffs. The Indiana suit, filed in U.S. District Court for the Southern District of Indiana, Indianapolis Division, on Feb. 5, includes in its opening statement, the following:  “Anthem’s conduct—failing to take adequate and reasonable  measures to ensure its data systems were protected, failing to take available steps to prevent and stop the breach from ever happening, failing to disclose to its customers the material facts that it did not have adequate computer systems and security practices to safeguard customers’ financial account and personal data, and failing to provide timely and adequate notice of the Anthem data breach—has caused substantial consumer harm and injuries to consumers across the United States.”

Healthcare Informatics will continue to update readers on developments in this situation, as new developments emerge.


Get the latest information on Health IT and attend other valuable sessions at this two-day Summit providing healthcare leaders with educational content, insightful debate and dialogue on the future of healthcare and technology.

Learn More



Advocate Aurora Health, Foxconn Plan Employee Wellness, “Smart City,” and Precision Medicine Collaboration

Wisconsin-based Advocate Aurora Health is partnering with Foxconn Health Technology Business Group, a Taiwanese company, to develop new technology-driven healthcare services and tools.

Healthcare Data Breach Costs Remain Highest at $408 Per Record

The cost of a data breach for healthcare organizations continues to rise, from $380 per record last year to $408 per record this year, as the healthcare industry also continues to incur the highest cost for data breaches compared to any other industry, according to a new study from IBM Security and the Ponemon Institute.

Morris Leaves ONC to Lead VA Office of Electronic Health Record Modernization

Genevieve Morris, who has been detailed to the U.S. Department of Veterans Affairs (VA) from her position as the principal deputy national coordinator for the Department of Health and Human Services, will move over full time to lead the newly establishment VA Office of Electronic Health Record Modernization.

Cedars-Sinai Accelerator Program Presents Fourth Class of Startups

The Cedars-Sinai Accelerator, a program that helps entrepreneurs bring their innovative technology products to market, has brought in nine more health tech startups as part of its fourth class.

DirectTrust Adds Five Board Members

DirectTrust, a nonprofit organization that support health information exchange, announced the appointment of five new executives to its board of directors.

Analysis: Many States Continue to Have Restrictive Telemedicine Policies

State Medicaid programs are evolving to accelerate the adoption of telemedicine models, this evolution is occurring more quickly in some states than others, according to a recent analysis by Manatt Health.