Steve Alder reports:
A lawsuit against CareFirst BlueCross BlueShield that was filed in response to a 2014 data breach has had a contract class certified by a federal judge, 9 years after legal action was initiated. The lawsuit can now proceed and more than 1 million plan members are a step closer to obtaining damages. In June 2014, hackers gained access to CareFirst systems, which contained the data of around 1.1 million plan members; however, the intrusion was not detected for several months. In response to major data breaches at Anthem Inc., Premera, Excellus, and Community Health Systems, CareFirst conducted a review of its systems which reviewed there had been unauthorized access to one of its databases.
CareFirst announced the data breach in May 2015 and explained that a single database was compromised that stored data that members and other individuals enter to access CareFirst’s websites and online services. The compromised data included names, birth dates, email addresses, and subscriber ID numbers, but no highly sensitive information such as Social Security numbers, financial information, or health information.
Read more at HIPAA Journal.