UPDATE: As of March 31, 2015, W&L can only consider your case if you have experienced actual fraud. This would include unauthorized charges on your credit cards or accounts opened in your name. It also includes notification from medical professionals or facilities for treatment you never received, or from the IRS that your tax refund went to someone else posing as you. If any of these situations have occurred, please contact us at (800) 476-6070.
——
Weitz & Luxenberg P.C. today filed a class action lawsuit against Seattle-based Premera Blue Cross on behalf of policy holders who lost sensitive private information as a result of a massive, sustained hacking of Premera’s computer systems, the law firm announced.
What made this particular cybercrime even more egregious is that the victims were not told about it until six weeks after the health insurer discovered it, W&L explained.
The class action — filed in federal court — seeks an undetermined amount of compensation for the future economic losses suffered by up to 11 million Premera policy holders, W&L said.
James Bilsborrow, an attorney with W&L’s Environmental, Toxic Tort & Consumer Protection Unit and co-counsel of the class action, said those economic losses could be substantial, with individuals having to spend hundreds, and sometimes thousands, of dollars to protect their information and undo harm caused to them by the breach.
Premera Blue Cross Data Breach Spanned Eight Months
W&L said that, in addition to Premera, the data breach affected the insurer’s Alaska-based operation, Premera Blue Cross Blue Shield of Alaska.
It also impacted Premera’s affiliates — LifeWise Health Plan of Oregon, LifeWise Health Plan of Washington, LifeWise Assurance Company, Connexion Insurance Solutions, Inc., and Vivacity, W&L said.
The representative plaintiffs are two Premera members, both from Olympia, Washington, the law firm said.
W&L indicated that any current or past Premera member may be eligible to participate in the lawsuit if they were Premera policy holders for any period of time during or after 2002 — the farthest back in time that the hackers are known to have reached.
In addition, any Blue Cross Blue Shield member who received treatment in Washington or Alaska from 2002 to January 29, 2015 is potentially affected, the law firm said.
The complaint states that the hackers infiltrated Premera’s computers on or about May 5, 2014, and then operated undetected for eight months.
Although it is not yet known what data hackers actually stole, complete insurance files are frequently sold for hundreds of dollars per file on the internet black market, the law firm explained.
The complaint also states that Premera, after discovery of the data breach, then compounded the harm by failing for six weeks to warn members that their confidential information had been compromised.
Persons who believe their private information was among the data stolen in the Premera data breach may telephone Corinne Sullivan of W&L at (212) 558-5786 to discuss their individual situations, or they may instead choose to contact the firm online using our form.
Premera Data Breach Information Useful To Hackers
W&L’s class action alleges that Premera failed to reasonably safeguard the confidential data and did too little to protect victimized policy holders after the hacking.
The lawsuit also alleges hackers accessed applicant and member information, such as birthdates, Social Security numbers, member IDs, bank account details, claims histories, clinical information, and more, the law firm said.
“Premera has offered to provide a credit monitoring service to notify the victims when information stolen from them is used fraudulently,” said Bilsborrow. “But that is inadequate. Credit monitoring will tell a victim after the fact that they have suffered financial fraud and maybe some of that money will be reimbursed by the victim’s bank. But what is Premera doing to safeguard against medical identity theft, inappropriate disclosure of patient clinical information, or fraudulent tax filings? This type of fraud is far more pernicious given the data types that were compromised.”
Robin L. Greenwald, who heads the W&L litigation unit bringing the class action against Premera, said it has been learned that Premera’s cyber-security systems “were vulnerable to attack and that Premera knew of this vulnerability because the federal government told them one year ago that their security was inadequate.”
She added that “this class action lawsuit against Premera is an important step in holding the company accountable for failing to ensure state-of-the-art security of private information and failing to take all available steps to prevent further harm once it learned of the breach.”