Anthem Inc., an administrator for health plans and health insurance firm, has recently announced that hackers broke into its database containing personal information on approximately 80 million customers and employees, and it is likely that they were able to remove records for tens of millions of people. The stolen data includes names, dates of birth, social security numbers, health care ID numbers, home addresses, email addresses, and income data. According to several reports, tens of millions of children have also been exposed to ID theft as a consequence of the data breach.
The data breach has already given rise to several legal actions against Anthem in various U.S. states, including several class actions suits, alleging that Anthem failed to implement adequate security and encryption measures to protect the information, and to expeditiously notify the concerned individuals of the data breach.
The data breach demonstrates the considerable risks associated with the maintenance of information infrastructure and the storage of personal data, in particular health data.
We encourage our clients to establish a sound cybersecurity-governance framework and implement adequate security and encryption measures, in order to avoid claims for liability which may result in the occurrence of a substantial adverse financial effect.