Close
  • Latest News
  • Artificial Intelligence
  • Video
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Subscribe
Logo
  • Latest News
  • Artificial Intelligence
  • Video
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Subscribe
    Home Applications
    • Applications
    • Cybersecurity
    • Storage

    Data Breach Prompts Indiana to Sue Health Insurer WellPoint

    Written by

    Brian T. Horowitz
    Published November 8, 2010
    Share
    Facebook
    Twitter
    Linkedin

      eWEEK content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

      Indiana Attorney General Greg Zoeller has filed a lawsuit against insurance company WellPoint for delaying notification of a data breach to the AG’s office and to the more than 32,000 customers in Indiana affected.

      The suit claims that WellPoint violated two Indiana notification laws with each one carrying a penalty of up to $150,000 in fines, according to Molly Butters, a spokesperson for Zoeller’s office.

      “Effective July 2009, there’s a new law that requires database owners to notify those two groups within a reasonable period of time,” Butters said, referring to House Enrolled Act 1121. “After our investigation, we determined that WellPoint did not notify either their customers or our office in a reasonable period based on the information that we uncovered and is in the complaint,” she told eWEEK.

      Since the law is new, this is the first time the Indiana AG office has filed a data breach complaint, Butters said.

      WellPoint became aware of the breach on March 8, and Zoeller’s office found out about the breach in an Indianapolis Star report in June, according to Butters.

      “If it would impact the investigation in some way, then delaying notifying the public is considered reasonable,” Butters said. “In this case, that didn’t happen. Law enforcement hadn’t directed WellPoint to delay their notification.”

      Zoeller’s office submitted a written inquiry to WellPoint in early July, WellPoint responded on July 30 and the Indiana AG’s office filed its suit on Oct. 29.

      WellPoint began notifying customers on June 18.

      WellPoint was upgrading an authentication and log-in application on the company’s application Website, in SiteMinder, when it failed to implement security protections. A potential identity thief would be able to alter a URL to view applicants’ personal data.

      The data was publicly accessible through an unsecured Website from October 2009 to March 2010, according to the Indiana AG office.

      In addition to Indiana, the breach exposed the information for applicants in nine other states: California, Colorado, Connecticut, Kentucky, Missouri, Nevada, New Hampshire, Ohio and Wisconsin.

      About 470,000 WellPoint customers may have been affected overall, according to the insurer.

      The office of Connecticut Attorney General Richard Blumenthal investigated the case earlier this year involving 5,600 WellPoint customers, according to the Hartford Courant. “We did reach a settlement with them, and they did agree to provide two years of credit protection to the affected people,” the Connecticut AG’s office told eWEEK.

      The compromised applications for WellPoint insurance policies included Social Security numbers, health records and financial data, the Indiana AG office reports.

      While the Indiana attorney general’s identity theft unit carries out its investigation, it has encouraged affected WellPoint applicants to get a credit check and security freeze, which Indiana residents can obtain for free.

      The Indiana attorney general’s office went the local route in filing the suit rather than filing under the federal HIPAA or HITECH Acts because of the stiffer penalties involved at the state level, Butters said. The federal laws would involve penalties of about $25,000 compared with about $150,000 each at the state level, Butters said.

      No consumer complaints have resulted from the WellPoint breach, according to the Indiana attorney general’s office.

      WellPoint offers health insurance through Anthem Blue Cross and Blue Shield.

      “Anthem Blue Cross and Blue Shield is committed to protecting the privacy and security of our members’ and applicants’ personal information, in accordance with all applicable laws and regulations,” WellPoint said in a statement to eWEEK.

      Since the breach occurred, WellPoint has taken some security steps to prevent a reoccurrence of the breach, the company said in a statement.

      “In fact, though the majority of individuals who submitted applications were not impacted by the incident, out of an abundance of caution, each applicant received a detailed notification from Anthem Blue Cross and Blue Shield explaining what happened, and was offered identity protection services for one year at no cost,” WellPoint said.

      Meanwhile, Connecticut customers will get two years of identity protection, according to the state’s AG office.

      Accidental breaches such as these often don’t result in fraud compared with a case involving intentional theft, according to Butters.

      “If there was an intentional theft of data, those often result in some fraud or identity theft taking place within a week or so,” Butters said. “But that’s not the situation.”

      Brian T. Horowitz
      Brian T. Horowitz
      Brian T. Horowitz is a technology and health writer as well as a copy editor. Brian has worked on the tech beat since 1996 and covered health care IT and rugged mobile computing for eWEEK since 2010. He has contributed to more than 20 publications, including Computer Shopper, Fast Company, FOXNews.com, More, NYSE Magazine, Parents, ScientificAmerican.com, USA Weekend and Womansday.com, as well as other consumer and trade publications.

      Get the Free Newsletter!

      Subscribe to Daily Tech Insider for top news, trends & analysis

      Get the Free Newsletter!

      Subscribe to Daily Tech Insider for top news, trends & analysis

      MOST POPULAR ARTICLES

      Artificial Intelligence

      9 Best AI 3D Generators You Need...

      Sam Rinko - June 25, 2024 0
      AI 3D Generators are powerful tools for many different industries. Discover the best AI 3D Generators, and learn which is best for your specific use case.
      Read more
      Cloud

      RingCentral Expands Its Collaboration Platform

      Zeus Kerravala - November 22, 2023 0
      RingCentral adds AI-enabled contact center and hybrid event products to its suite of collaboration services.
      Read more
      Artificial Intelligence

      8 Best AI Data Analytics Software &...

      Aminu Abdullahi - January 18, 2024 0
      Learn the top AI data analytics software to use. Compare AI data analytics solutions & features to make the best choice for your business.
      Read more
      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Video

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2024 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.