The plaintiffs in a class-action lawsuit against Premera Blue Cross, which involves a 2014 data security incident, claim the payer "willfully" destroyed evidence that would have provided details of the breach, ZDNet reports.
According to new court documents obtained by ZDNet, the plaintiffs accuse Premera of intentionally destroying a computer and software logs that may have shown evidence that hackers stole data from its systems after the class-action lawsuit had been filed. Showing that data was removed from Premera's computers is crucial for establishing a legal case.
The lawsuit stems from a 2014 data incident in which a Premera employee fell victim to a phishing attack that allowed hackers to install malware on the insurer's network. More than 11 million Americans were notified of the breach in March 2015.
About one month before the cyberattack, the Office of Personnel Management warned Premera that it "found numerous security flaws during a routine audit of Premera's systems."
The plaintiffs had requested access to evidence regarding the breach, including hard drives and forensic images of the 35 Premera computers that Mandiant, a third-party cybersecurity firm employed by Premera, identified as infected. However, the plaintiffs allege "Premera responded that it could only produce images for 34 of those 35 computers; the 35th computer had been destroyed," according to the new documents.
"The 35th computer was a 'developer' computer — loaded with robust software and afforded security clearance to Premera's most sensitive databases," court documents state, according to ZDNet.
Premera claimed that the computer was categorized as an end-of-life asset, which justified its destruction.
In response to questions from ZDNet, a spokesperson for Premera Blue Cross provided the following statement:
"We are aware of the motion for sanctions that was recently filed by the plaintiffs in the class action arising from the 2015 cyberattack at Premera. It is the type of motion that is not uncommon in complex litigation involving voluminous physical and documentary evidence, and represents just one of many disputes that can arise during the discovery phase of a lawsuit. We disagree with the motion and do not believe the facts justify the relief plaintiffs have requested. Our attorneys will be filing a response in due course."
The plaintiffs are asking the judge overseeing the case to instruct the jury "to presume that exfiltration occurred," as well as deny Premera the opportunity to have a security expert testify that no data exfiltration took place.