Nebraska on Monday became the first state to sue Tennessee-based Change Healthcare over the company’s massive data breach that cost at least 575,000 Nebraskans their personal information and medical records.
… The breach was blamed on a low-level employee who had his or her login credentials hacked.
Nebraska Attorney General Mike Hilgers said he is suing because of the company’s carelessness in handling data and in how slowly it has notified people affected. He called the hack one of the “one of the largest” data breaches in modern history.
The company, he said, was wrong to allow a low-level employee access to a full data set. No company, he said, should store such sensitive information on outdated technology that does not require two-factor authentication to access.