Softpedia
 
HomepageWindowsGamesDriversMacLinuxScripts buttonMobileHandheldNews

NEWS CATEGORIES:



NEWS ARCHIVE >>
SOFTPEDIA REVIEWS >>
MEET THE EDITORS >>
Home > News > Security

November 1st, 2010, 11:52 GMT · By

WellPoint Sued by the State of Indiana over Late Breach Notification

SHARE:

Adjust text size:


WellPoint sued for delaying data breach notifications
Enlarge picture
The State of Indiana is suing WellPoint, one of the largest health insurance providers in the United States, for failing to notify customers affected by a data breach in a timely manner.

WRTV Indianapolis' Channel 6 reports that the lawsuit was filed on Friday in Marion County by the attorney's general office and seeks $300,000 from the company.

According to the complaint, WellPoint waited several months before beginning to notify customers whose personal, medical and financial information was exposed during a data breach incident.

The attorney's general office claims that WellPoint learned of the problem on February 22 this year, but only began sending notification letters in June.

Information available when we originally wrote about the incident, suggested that 230,000 people were affected, but Channel 6 now claims as much as 470,000 victims.

In addition, it was previously believed that names, phone numbers, addresses and Social Security Numbers (SSNs) were breached, but according to the new report, credit card details might also have been exposed.

"Anthem Blue Cross and Blue Shield is committed to protecting the privacy and security of our members' and applicants' personal information, in accordance with all applicable laws and regulations," a WellPoint spokesman said.

"As soon as the situation was discovered, we made the necessary security changes to prevent it from happening again," he added.

The company previously explained that the breach was the result of a faulty website upgrade, which occurred in October 2009, but claimed that the security hole was available for "a relatively short period."

New information suggests that the website was vulnerable for at least 137 days between October and March, which puts a new perspective on what "relatively short period" means for WellPoint.

According to the Breach Notification Rule of the Health Insurance Portability and Accountability Act (HIPAA), "individual notifications must be provided without unreasonable delay and in no case later than 60 days following the discovery of a breach."

TELL US WHAT YOU THINK:

1,129 hits · Link to this article · Print article · Send to friend · Subscribe to news

MUST-READ RELATED ARTICLES:


FedEx Loses CDs Containing NY Hospital's Patient Data
230,000 Health Insurance Customers Had Their Personal Info Compromised
Over 150,000 Women Affected by UNC School of Medicine Hack

READER COMMENTS:



No user comments yet.
Be the first to express your opinion!
Copyright © 2001-2012 Softpedia. Contact/Tip us at

WindowsGamesDriversMacLinuxScriptsMobileHandheldNews

SUBMIT PROGRAM   |   ADVERTISE   |   GET HELP   |   SEND US FEEDBACK   |   RSS FEEDS   |   UPDATE YOUR SOFTWARE   |   ROMANIAN FORUM
© 2001 - 2012 Softpedia. All rights reserved.
Softpedia® and the Softpedia® logo are
registered trademarks of SoftNews NET SRL.		 Copyright Information | Privacy Policy | Terms of Use