Anthem Inc., an administrator for health plans and health insurance firm, has recently announced that hackers attacked its database containing personal information of approximately 80 million customers and employees, and it is likely that they were able to remove records for tens of millions of people. The stolen data includes names, dates of birth, social security numbers, health care ID numbers, home addresses, email addresses, and income data. According to several reports, tens of millions of children were also exposed to ID theft as a consequence of the data attack.
The data breach has already given rise to a number of legal actions against Anthem in various U.S. states, including several class actions suits, alleging that Anthem failed to implement adequate security and encryption measures to protect the information, and failed to expeditiously notify the concerned individuals of the data breach.
The data breach demonstrates the considerable risks associated with the maintenance of information infrastructures and the storage of personal data, in particular with respect to health data. We encourage our clients to establish a sound cybersecurity-governance framework and implement adequate security and encryption measures, in order to avoid claims for liability which may result in substantial losses and damages.