DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Health insurer Excellus fails in latest attempt to get breach lawsuit dismissed

Posted on March 3, 2017 by Dissent

Patrick O’Neill reports the latest litigation update involving Excellus, whose breach was covered on this site in 2015:

Four years after Excellus BlueCross BlueShield was hacked and more than 10 million members had their data exposed, the insurer remains on the defensive in class action lawsuits claiming it ignored cybersecurity at peril of its own members.

Excellus failed last week in an attempt to win dismissal of a suit after arguing unsuccessfully that the data stolen and used against the victims could plausibly have come from any hack anywhere.

Read more on CyberScoop.

While I understand the court’s reasoning, the problem is that Excellus may be right – with so many mega-hacks between 2013-2015, the data could have come from another hack.  If a plaintiff could show an unusual name or address spelling involved in the fraud that only linked to their Excellus account, that might help prove that the Excellus breach was related to the fraud they experienced, but absent that kind of thing, it really could be hard to know which breach resulted in any one person’s harm or injury, assuming that there even was any concrete harm or injury that plaintiffs experienced.

Interestingly, I just checked HHS’s site and it appears that OCR has not closed their investigation into this incident, so Excellus is not out of the woods with OCR, either, at this point.

No related posts.

Category: HackHealth DataU.S.

Post navigation

← Columbia Sportswear Accuses Former IT Employee Of Hacking
Hundreds of Lowe’s customers’ personal information compromised →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Air Force Employee Pleads Guilty to Conspiracy to Disclose Unlawfully Classified National Defense Information
  • UK police arrest four in connection with M&S, Co-op and Harrods cyberattacks (1)
  • At U.S. request, France jails Russian basketball player Daniil Kasatkin on suspicion of ransomware conspiracy
  • Avantic Medical Lab hacked; patient data leaked by Everest Group
  • Integrated Oncology Network victim of phishing attack; multiple locations affected (2)
  • HHS’ Office for Civil Rights Settles HIPAA Privacy and Security Rule Investigation with Deer Oaks Behavioral Health for $225k and a Corrective Action Plan
  • HB1127 Explained: North Dakota’s New InfoSec Requirements for Financial Corporations
  • Credit reports among personal data of 190,000 breached, put for sale on Dark Web; IT vendor fined
  • Five youths arrested on suspicion of phishing
  • Russia Jailed Hacker Who Worked for Ukrainian Intelligence to Launch Cyberattacks on Critical Infrastructure

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • How to Build on Washington’s “My Health, My Data” Act
  • Department of Justice Subpoenas Doctors and Clinics Involved in Performing Transgender Medical Procedures on Children
  • Google Settles Privacy Class Action Over Period Tracking App
  • ICE Is Searching a Massive Insurance and Medical Bill Database to Find Deportation Targets
  • Franklin, Tennessee Resident Sentenced to 30 Months in Federal Prison on Multiple Cyber Stalking Charges
  • On July 7, Gemini AI will access your WhatsApp and more. Learn how to disable it on Android.
  • German court awards Facebook user €5,000 for data protection violations

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.