In data breach suit, Anthem's 'blame the victim' tactic doesn't fly

One of the biggest hurdles for consumers affected by a data breach is proving damage--and companies are going to greater lengths to make it even more difficult, attorney Steven Teppler tells Healthcare Info Security.

Some courts are requiring evidence of immediate damage, such as a compromised debit card, says Teppler, a partner with Abbott Law Group in Jacksonville, Florida. Teppler represented plaintiffs in the $28 million class action against St. Joseph Health System, in which patients were awarded $7.5 million.

However, the data breach damage universe is expanding, he says.

Anthem faces multiple lawsuits after a data breach that compromised information for 80 million customers, though it contends that no fraudulent activity has been linked to the breach. Plaintiffs argue otherwise.

"One of the arguments ... that the defense might make is that there are so many data breaches out there, you don't know which data breach caused your damage," Teppler says. "And so, you can't point a finger at 'Company A' because 'Company B' also had a data breach--and you were a customer of both.'"

Meanwhile, attorneys for Anthem tried to get permission to search the plaintiffs' computers for security flaws that could have led to identity theft or fraud. The federal court rejected that motion.

To learn more:
- listen to the interview