In January 2015, an article citing the U.S. Department of Health and Human Services statistics, noted that in the past five years, there have been approximately 120,000 reported data breaches involving health information protected under the Health Insurance Portability and Accountability Act. These breaches have involved more than 31 million individuals. According to reports, the number of Healthcare cyberattacks has increased by 72% between 2013 to 2014.
One of these cases is the recent Premera Blue Cross data breach, as reported in our previousnewsletter. The fallout from Premera's massive data breach continues, as more people join the class action lawsuit filed against this substantial insurer. According to one of the claims against Premera, the company was warned it did not have security safeguards in place, and there were steps it could have taken to prevent this level of cyberattack. In addition, according to one of the plaintiffs’ lawyers, three weeks before the data breach in May 2014, auditors from the Federal Office of Personnel Management, informed Premera that network security patches were not being implemented in a timely manner, and that when it came to access control, Premera's data center did not contain controls which they typically observe at similar facilities. We will continue to monitor this case and update on additional developments as they occur.