Victims of a data breach at health insurer Anthem in February 2015 have filed a class-action lawsuit against the company and are seeking details of an audit by the U.S. Office of Personnel Management (OPM) on Anthem's network security, Modern Healthcare reports. In the cyberattack, hackers compromised personal details of around 80 million Anthem, Blue Cross and Blue Shield members, many of whom have since reported payment card account misuse.
As per the court filing, OPM, which manages the Federal Employees Health Benefit Program, had first carried out a security audit at Anthem in 2013 and pointed out vulnerabilities in its system. It wanted to conduct tests, but this was reportedly turned down by Anthem citing “corporate policy” issues. Shortly after the 2015 cyberattack, OPM conducted a second audit, but its findings were not made public.
The plaintiffs say in their subpoena that if the audit had discovered security flaws, then appropriate action by Anthem would have prevented the subsequent breach and so it was vital the report be disclosed.
Read full story here.