Dive Brief:
- A class-action lawsuit against Anthem, brought in follow-up to the insurer's massive 2015 data breach, is asking the federal government to share documents from an audit.
- The plaintiffs allege the documents prove Anthem was aware that its information technology security was lacking, and did not act on it, before the breach occurred, Modern Healthcare reported.
- The hack in February 2015 affected an estimated 70 to 80 million customers of Anthem and other Blue Cross and Blue Shield plans.
Dive Insight:
Anthem was criticized following the breach when more than a month and a half later, it still hadn't notified more than 50 million people--the bulk of those who were affected.
Still, the company only took a minimal hit from the situation due to customers' perception that Anthem responded to the breach positively--though that doesn't apply to those now claiming to have had their identities stolen as a result. It remains to be seen whether the lawsuit will do anything to lower that perception of Anthem's handling by putting it in a negative spotlight. Little has been revealed in the time since the breach about how it happened and what Anthem has actually done in response, as noted by Modern Healthcare.
At issue is the existence of a 2013 Anthem IT security audit performed by the U.S. Office of Personnel Management (OPM), because the health insurance giant is an administrator for the Federal Employees Health Benefit Program. The audit reportedly identified shortcomings and noted that Anthem refused to undergo a security test, citing corporate policy. The OPM reportedly performed another audit since the breach, but the federal government has argued they are privileged and will not be disclosed.