Anthem Blue Cross Security Breach Occurred During System Upgrade – Information Accessed by Attorneys Looking for Informati
Posted Jun 25 2010 9:53am
As the world of health care data revolves, this is an interesting case with attorneys being the culprits looking for information, so the folks on the other side are in fact getting smarter technology. Normally the cases we see involve loss of hardware, like a USB drive or a notebook, etc. This was different in the fact that after the system upgrade all security evidently was NOT in place and working correctly.
According to the article here, anyone who had a current application in process was a potential victim. Now this opens the door for lawsuits to be filed for those who’s records were exposed. Again, I don’t know how long the current business models can be sustained at this rate as if it has happened once, well it can and probably will happen again. Use of private information out in the world of technology is causing a real stir for access and the information means money.
For the consumer applying for health insurance here it means a year’s worth of free credit reporting. I wonder how much the attorney’s actually were able to see and obviously it appears this was not done to perhaps steal identities, but rather to obtain information used for future lawsuits. The legal profession is also a good example of an industry who invests heavily in technology too and the article states the information was returned, but after being reviewed and evaluated, it’s still out there if duplicated and I might guess there’s a real good possibility of this occurring for strategic use with future lawsuits. BD
More than 200,000 Anthem Blue Cross customers this week received letters informing them that their personal information might have been accessed during a security breach of the company's website.
Only customers who had pending insurance applications in the system are being contacted because information was viewed through an on-line tool that allows users to track the status of their applications.
Anthem spokeswoman Cynthia Sanders said the confidential information was briefly accessed, primarily by attorneys seeking information for a class action lawsuit against the insurer.
Newport Beach attorney Mark Robinson filed a class action lawsuit on behalf of a Los Angeles County resident who discovered that her application for insurance was available for public view.
"The ability to manipulate the web address (URL) was available for a relatively short period of time following an upgrade to the system. After the upgrade was completed, a third party vendor validated that all security measures were in place, when in fact they were not. As soon as the situation was discovered, we made the necessary security changes to prevent it from happening again."
The company is offering a free year of identity protection service. Anthem also said the attorneys have returned all improperly obtained information to a custodian of the court system.