St. Louis-based health insurer Centene Corp. filed a lawsuit March 11 against Accellion over a recent cyberattack on the vendor's cloud data platform that exposed personal information of a Centene subsidiary insurer, Bloomberg reports.
Hackers exploited four known vulnerabilities in Accellion's file transfer appliance in January, exposing information of several clients, including Centene and Kroger pharmacy, according to a Feb. 24 alert from the Cybersecurity and Infrastructure Security Agency.
In the lawsuit, Centene asks Accellion to cover costs associated with the data breach of its Health Net patients. The insurer claims that despite "clear requirements" of its indemnification agreement with Centene, Accellion "has refused to bear responsibility" for expenses related to the hack, including costs of remediation, mitigation, notification and regulatory reporting, according to the report.
Centene is seeking unspecified damages for costs stemming from its response to the attack as well as an order requiring Accellion to hold it "harmless" for any legal claims.