Lawsuits have been filed against Anthem Inc., almost immediately following the health insurer's announcement that it was the victim of a cyber attack, which potentially exposed the sensitive data of tens of millions of individuals.
So far, plaintiffs in California, Georgia, Indiana and Alabama have filed four lawsuits against the company, a Sunday USA Today report said. The incident is said to be the largest data breach to hit the nation's health care sector, with early estimates saying that as many as 80 million current and former Anthem customers and employees may be impacted.
Last Wednesday, Anthem's CEO Joseph Swedish announced that the “sophisticated external cyber attack” allowed unauthorized users to obtain the names, birth dates, medical IDs, Social Security numbers and other personal information of Anthem members. In addition, personal information relating to Anthem employees “who are currently covered, or who have received coverage in the past,” was impacted, an Anthem spokeswoman told SCMagazine.com last week.
The breach, reportedly detected on Jan. 27, has now incited four lawsuits (all linked here) which allege that Anthem failed to take adequate and reasonable measures to safeguard its data systems, leaving affected individuals at risk of identity theft and fraud and left to shoulder costs for protection and monitoring against such activities.
On Friday, Anthem itself alerted customers to prepare themselves for a barrage of phishing emails, which may take advantage of the breach news to target current and former plan members.
“These scams, designed to capture personal information are designed to appear as if they are from Anthem and the emails include a ‘click here' link for credit monitoring,” Anthem said in a release. “These emails are NOT from Anthem,” the company warned, advising consumers to avoid clicking email links or supplying personal information on websites they've been directed to from suspicious emails.
Anthem said that impacted individuals should, instead, expect correspondence from the company in the form of mail delivered by the U.S. Postal Service. In the wake of the breach, the insurer is promising free credit monitoring and ID protection services to affected members.