Anthem Breach Victims Go To Court Over Cybersecurity Audit Release

Class-action lawsuit against health insurer seeks disclosure of network security details following data breach of 80 million members.

Dark Reading Staff, Dark Reading

November 1, 2016

1 Min Read
Dark Reading logo in a gray background | Dark Reading

Victims of a data breach at health insurer Anthem in February 2015 have filed a class-action lawsuit against the company and are seeking details of an audit by the U.S. Office of Personnel Management (OPM) on Anthem's network security, Modern Healthcare reports. In the cyberattack, hackers compromised personal details of around 80 million Anthem, Blue Cross and Blue Shield members, many of whom have since reported payment card account misuse.

As per the court filing, OPM, which manages the Federal Employees Health Benefit Program, had first carried out a security audit at Anthem in 2013 and pointed out vulnerabilities in its system. It wanted to conduct tests, but this was reportedly turned down by Anthem citing “corporate policy” issues. Shortly after the 2015 cyberattack, OPM conducted a second audit, but its findings were not made public.

The plaintiffs say in their subpoena that if the audit had discovered security flaws, then appropriate action by Anthem would have prevented the subsequent breach and so it was vital the report be disclosed.

Read full story here

About the Author

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights