Indiana attorney general sues WellPoint over breach

The Indiana attorney general's office has filed a lawsuit against Indianapolis-based health insurance provider WellPoint for taking months to notify state residents whose personal information was breached.

The lawsuit, filed Friday, contends that WellPoint violated state law, which requires breached businesses to notify affected individuals and the attorney general's office “without reasonable delay,” Attorney General Greg Zoeller said in a news release.

Zoeller said WellPoint learned of the breach, which affected more than 32,000 Indiana citizens, on Feb. 22, but did not begin notifying customers until almost four months later, on June 18.

After learning of the exposure through media reports, Zoeller's office tried to contact WellPoint, receiving a response in late July.

“The delays in notice to both customers and to the attorney general's office are considered unreasonable,” the news release states.

The state is seeking $300,000 in civil penalties.

According to Zoeller, applications for insurance policies submitted to WellPoint that contained citizens' Social Security numbers, financial information and health records may have been available to the public through an unsecured website for at least 137 days, between October 2009 and March 2010.

WellPoint previously had disclosed that the breach was the result of a faulty website upgrade and may have affected 470,000 customers of Anthem Blue Cross, a WellPoint company.

The health insurer is facing at least one other lawsuit over the incident, a class-action complaint filed on behalf of customers whose information was breached.

In a statement sent to SCMagazineUS.com on Tuesday, WellPoint did not address the lawsuit, but said that as soon as the breach was discovered, the company made “necessary security changes” to ensure a similar incident does not occur again.

“Anthem Blue Cross and Blue Shield is committed to protecting the privacy and security of our members' and applicants' personal information, in accordance with all applicable laws and regulations,” the statement said.

Meanwhile, this is not the first time WellPoint has experienced a breach.

In 2008, it was discovered that the personal information of about 128,000 WellPoint customers from several states was publicly available on the internet. And in 2006, backup computer tapes containing the personal information of 200,000 members were stolen.
