Thursday, February 05, 2015

Anthem Data Breach Affects More Than 80 Million

As if Americans needed one more thing to worry about what will be done to screw them every which way to Sunday, the nation's second largest health insurer, Indianapolis-based Anthem, let hackers steal confidential data on more than 80 million customers--the largest ever for a health care company--before they figured out what was happening. The company promises to reach out to every customer whose data was breached and offer credit monitoring service. Some solace, eh?


TableTopJoe said...

Mr. Welsh,

As a litigator, what are your thoughts with regard to Anthem's liability for this? Doesn't it seem to you that by storing all of this data, Anthem has assumed a duty of care? Further, doesn't it seem that by allowing their security to be breached, Anthem has breached that duty? Do you feel that, to the degree someone can prove up damages arising from this, Anthem should be liable for such damages?

Gary R. Welsh said...


LamLawIndy said...

How much is the cyber-security expert witness going to charge? Any plaintiff will need to prove that Anthem fell below the standard duty of care.

Hernan Dough said...

By declaring secure receipt & handling of personal information; Anthem asserts a standard & employs people for maintenance of same.

Why would they elect discovery from a cyber-security "expert" after the fact; when that level of expertise should reside within their employ?

criticalthinker said...

If they had been using the free UAQUAS system license this attack would have never succeeded!

UAQUAS not only eliminates passwords, it also examines the IP addresses that connect to a host and ensure that they are connected to an authorized program or a current web session, and if not kills the connections for that IP address and puts it on the black list.

Visit the website to learn more.

TableTopJoe said...


I don't know that you would have to hire an expert witness.

Res ipsa loquitor.