Indiana law does not grant consumers the right to sue Anthem or any other data base owner for negligence following a data breach, according to the federal judge presiding over the Anthem data breach multi-district litigation.  Order, In re Anthem, Inc. Data Breach Litig., No. 15-MD-2617 (N.D. Cal. Feb. 14, 2016).

Instead, Indiana law grants consumers only the right to be notified of the data breach without unreasonable delay.  Indiana Code § 24-4.9-3-1.  If notice is not properly given,
Continue Reading Data Breach Victims Have No Legal Remedies Under Indiana Law

Law firms are increasingly becoming the target of cyber attacks. Below is a phishing attack email example. (You can read Diane Reynolds’ blog post on phishing attacks here.) Basically, bad guys want you to open an email and click on a link that provides them access to your computer and our network. There are some simple ways to spot a phishing email.

First, ask yourself why would UPS send you an email to complete a shipment? Never happens.

Second, why
Continue Reading Law Firms Targeted by Cyber Attacks

The marquee breaches that have occurred recently (i.e. Anthem, Home Depot, Morgan Stanley, Target, Linked In, and Sony) have helped U.S. Fortune 1000 companies understand that data security must be taken seriously.  Not only must companies invest in their data security, but they must proactively manage and protect it.  Previously, large corporations generally considered hacking attacks and general security breaches as “Force Majeure” events in that they were both unpredictable and unpreventable.  Therefore, many of the Fortune 1000 purchased cyber
Continue Reading Cyber Attacks: Small/Mid Cap Companies Beware

The recent Anthem breach may potentially affect 80 million people.  Employers who contracted with Anthem as an insurer (or as a third party administrator for their self-insured plans) must now realize that defending their digital perimeter is not enough. Health insurance companies (and their brokers, TPAs, and other insurance support organizations) and large health/hospital systems, who are subject to myriad federal (HIPAA) and state privacy and security laws, are all vulnerable and should prepare now. You should assume that successful
Continue Reading Anthem Lessons: Why You Need a CyberIncident Response Plan for Data Breaches Now

Many employers are wondering what their obligations are in the wake of the Anthem data breach announced on February 5, 2015.  Anthem is a large insurer with customers in 14 states. Anthem stated in its letter that only personal information was accessed during the security breach, but, apparently, no medical information was accessed.  Therefore, Anthem, apparently, has not yet determined whether it believes HIPAA is in play since “only” personally identifiable information was accessed.  (A brief definition/overview of HIPAA is
Continue Reading Employer Notification Obligations in Wake of Anthem Data Breach

Anthem may have just experienced the largest healthcare data breach in U.S. history, with potentially 80 million individuals at risk from this “very sophisticated external cyber attack,” as Anthem chief executive Joseph Swedish said in a statement. There will be months of analysis, debate, and proposed legislation as a result the breach. But there is, already, a silver lining: Anthem’s quick and (from all present accounts) thorough response provides a worthy example for organizations of every stripe to follow.
Continue Reading The Anthem Breach Silver Lining

You may have heard.  Yesterday, Anthem Inc., the nation’s second-largest health insurance company, announced that hackers had accessed tens of millions of its records concerning approximately 80 million of its customers and employees. The information included names and SSNs, among other things, and is just the sort of material that a criminal needs to steal a person’s identity. If you are an Anthem customer, you should consider taking the following steps now.

  1. Monitor Your Credit. Get a copy of your


Continue Reading Breach Alert: Anthem Customers Take Note