Indiana Attorney General Files Lawsuit Against WellPoint Over Data Breach

Indiana Attorney General Greg Zoeller has filed a lawsuit against Indianapolis-based health insurance company WellPoint following a data breach that occurred earlier this year and affected more than 32,000 Hoosiers, according to a news release by the Indiana Attorney General's Office.

Applications for insurance policies to WellPoint, which contained sensitive information such as social security numbers, financial information and health records, were potentially available to the public through an unsecured website for at least 137 days between Oct. 2009 and March 2010. According to the complaint, WellPoint was notified twice — on Feb. 22, 2010 and March 8, 2010 — about the exposed applications.

The complaint against WellPoint says the company did not begin notifying customers of the data breach until June 2010. WellPoint also allegedly did not respond to the Attorney General's Office's inquiry into the data breach until July 2010. The state said both delays are considered "unreasonable" and is seeking $300,000 in civil penalties.

While most inadvertent security breaches do not result in fraud, notifying those affected in a timely manner significantly reduces the risk of identity theft, the Attorney General's Office said.

Read the Indiana Attorney General's Office news release about the lawsuit against WellPoint.

Read other coverage about data breaches:

- Patients Affected by BCBS of Tennessee Data Breach Nearly Doubles

- Radiologist at Center of Data Breach at Connecticut's Griffin Hospital

- Delaware Hospital CEO Defends Actions Following Data Breach in Memo to Staff

© Copyright ASC COMMUNICATIONS 2019. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.

 

Top 40 Articles from the Past 6 Months