Mountlake Terrace, Wash.-based Premera Blue Cross faces up to five class-action lawsuits associated with its recently reported data breach, according to a Seattle Times report.
On March 17, 2015, Premera announced it was the victim of a cyberattack where hackers gained access to sensitive information of approximately 11 million customers. Premera said the initial attack occurred May 5, 2014, and it learned of the attack Jan. 29.
The lawsuits allege negligence, breach of contract, violation of the Washington Consumer Protection Act and failure to disclose the breach in a timely manner, among other alleged violations, according to the report.
The lawsuits were filed in the U.S. District Court in Seattle.
Weitz & Luxenberg P.C. is one firm that filed a lawsuit on behalf of policy holders and seeks "an undetermined amount of compensation for the future economic losses suffered by up to 11 million Premera policy holders," according to a statement.
Their lawsuit particularly alleges Premera failed to reasonably safeguard confidential data and did not do enough to protect affected beneficiaries after the cyberattack.
James Bilsborrow, a co-counsel of the class action, said the credit monitoring services Premera offered customers were inadequate. "Credit monitoring will tell a victim after the fact that they have suffered financial fraud and maybe some of that money will be reimbursed by the victim's bank. But what is Premera doing to safeguard against medical identity theft, inappropriate disclosure of patient clinical information or fraudulent tax filings?" he said in a statement.
Jeffrey Roe, CEO of Premera, has said the payer waited to inform customers about the breach to first ensure its IT systems were secure, a decision advised to the payer by security consulting firm Mandiant, according to the report.
Additionally, Eric Earling, vice president of corporate communications at Premera, said the company "expected litigation on this issue," but has no other comment, according to the report.
More articles on Premera:
3 states partner to launch joint Premera investigation
Premera audit shows payer had known security vulnerabilities prior to cyberattack
Industry leaders comment on Premera breach