Indiana attorney general sues WellPoint over breach

Share this article:
The Indiana attorney general's office has filed a lawsuit against Indianapolis-based health insurance provider WellPoint for taking months to notify state residents whose personal information was breached.

The lawsuit, filed Friday, contends that WellPoint violated state law, which requires breached businesses to notify affected individuals and the attorney general's office “without reasonable delay,” Attorney General Greg Zoeller said in a news release.

Zoeller said WellPoint learned of the breach, which affected more than 32,000 Indiana citizens, on Feb. 22, but did not begin notifying customers until almost four months later, on June 18.

After learning of the exposure through media reports, Zoeller's office tried to contact WellPoint, receiving a response in late July.

“The delays in notice to both customers and to the attorney general's office are considered unreasonable,” the news release states.

The state is seeking $300,000 in civil penalties.

According to Zoeller, applications for insurance policies submitted to WellPoint that contained citizen's Social Security numbers, financial information and health records may have been available to the public through an unsecured website for at least 137 days, between October 2009 and March 2010.

WellPoint previously had disclosed that the breach was the result of a faulty website upgrade and may have affected 470,000 customers of Anthem Blue Cross, a WellPoint company.

The health insurer is facing at least one other lawsuit over the incident, a class-action complaint filed on behalf of customers whose information was breached.

In a statement sent to SCMagazineUS.com on Tuesday, WellPoint did not address the lawsuit, but said that as soon as the breach was discovered, the company made “necessary security changes” to ensure a similar incident does not occur again.

“Anthem Blue Cross and Blue Shield is committed to protecting the privacy and security of our members' and applicants' personal information, in accordance with all applicable laws and regulations,” the statement said.

Meanwhile, this is not the first time WellPoint has experienced a breach.

In 2008, it was discovered that the personal information of about 128,000 WellPoint customers from several states was publicly available on the internet. And in 2006, backup computer tapes containing the personal information of 200,000 members were stolen.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

NIST finalizes cloud computing roadmap

NIST finalizes cloud computing roadmap

The NIST architecture is designed to accelerate the adoption of cloud computing.

Chinese MitM attack targets iCloud users

Chinese MitM attack targets iCloud users

The attack used a false certificate to trick iCloud users into handing over personal data and login credentials. With an attack of this size, some experts and researchers believe the ...

EPIC: driver data shared via V2V technology needs protection

The groups shared comments on V2V communications with the National Highway Traffic Safety Administration.