Dive Brief:
- Within 24 hours of the announcement that Anthem had been hit by a cyberattack that compromised the personal data of 80 million members, three class-action lawsuits were filed in federal courts in Alabama, California and Indiana, and it's likely that more will be coming. (As one of the filing attorneys told Modern Healthcare, Anthem could ask for the lawsuits to be coordinated, and if a suit is certified as class action, everyone impacted would automatically be included under it unless they choose to opt out.)
- As of Friday, Anthem had not commented on the lawsuits.
- The company did release a statement noting that it has retained the cybersecurity firm Mandiant (CHS' security contractor at the time of its massive breach) to evaluate and find solutions to secure its systems, but critics say it's too late.
Dive Insight:
While Anthem appears to be doing everything possible to contain the current situation, some argue that the company could and should have done more to prevent it. Anthem has already faced criticism after it revealed that it stored the Social Security numbers of its customers without encryption, in an apparent attempt to balance protecting the data with still being able to use it.
Another of the complaints details not only possible security shortcomings, but past data security issues that should have served as red flags, including a settlement over an incident in 2012 in which letters were sent to 33,000 customers that included their Social Security numbers.
"Undeterred—and apparently unmotivated—by these events, Anthem still has failed to adequately protected [sic] its customers' private and sensitive information," the complaint states.
How Anthem is treated will serve as an indicator to the healthcare industry of the public's and judicial system's current expectations.
"It seems like a lot of companies try to get additional security measures in place, but it's after the horse has left the barn," Aashish Desai, the attorney in the California lawsuit, says. "I don't know why these companies don't spend more on the front end."