Analysis: Impact of Anthem Breach Case RulingAttorney Steven Teppler on Why Decision Is Important
A federal court's recent rejection of a motion filed by health insurer Anthem Inc. in its attempt to fight a class-action lawsuit in the wake of its massive data breach is important because it upholds the privacy rights of breach victims, says attorney Steven Teppler.
Attorneys for Anthem had asked the court for permission to scrutinize plaintiffs' computers for security flaws that could potentially lead to identity theft or fraud - a move Teppler, who has represented plaintiffs in other breach cases, portrays as an "intimidation tactic."
Anthem in early 2015 revealed that a hacker attack exposed the data of nearly 80 million current and former health plan members. About 100 lawsuits against the company were consolidated into one federal class-action case in California. The health insurer's attorneys filed a motion in that case seeking permission to access some plaintiffs' computers, smartphones and tablets to image and copy them to determine whether another data breach or embedded malware was responsible for the individuals' potential harm, including identity theft and tax fraud.
Blame the Victim?
Commenting on Anthem's strategy, Teppler says in an interview with Information Security Media Group: "One of the arguments ... that the defense might make is that there are so many data breaches out there, 'you don't know which data breach caused your damage. And so, you can't point a finger at 'Company A' because 'Company B' also had a data breach, and you were a customer of both.'"
But Teppler says that argument isn't likely to stand up in courts - as the ruling in the Anthem case shows. "I think computer ... and cybersecurity forensics can easily resolve those issues. It's something that we see being thrown up as obstacles [by defense teams] toward plaintiffs in class-action matters."
Ultimately, the decision by the judge in the Anthem breach case "is very important because it impinges on privacy issues," he says. "The idea of having an image of a computer taken to discover whether or not at one point there might have been ... a security vulnerability that led to a compromise of the plaintiffs' computers is an intimidation tactic," he says. "All computers have vulnerabilities."
In the interview, Teppler also discusses:
- The potential damages that individuals' whose information have been compromised in large data breaches face;
- Why class-action lawsuits will likely be filed against some healthcare organizations that recently have been targeted by ransomware attacks;
- Other data breach lawsuit trends.
Teppler is a partner at the Abbott Law Group, P.A. in Jacksonville, Fla., and leads the firm's electronic discovery and technology-related litigation practice. He was also one of the attorneys who represented plaintiffs in a data breach-related class action lawsuit against health plan AvMed, that ended in a $3 million settlement in 2013. Teppler is also an adjunct professor at Nova Southeastern University Law School.