Plaintiffs in data-breach case say Premera destroyed computer that contained evidence of hacking

Data breach
Members of a class-action lawsuit say Premera destroyed evidence after their complaint was filed. (tashka2000/Getty)

Plaintiffs in an ongoing class-action lawsuit against Premera Blue Cross over a 2015 data breach say the insurer destroyed a computer containing evidence that hackers stole data belonging to 11 million members.

In a legal filing (PDF) last week, plaintiffs asked the court to exclude expert testimony from the Washington-based insurer to prevent the company from “capitalizing on its destruction of evidence to support one of its own defenses.” Attorneys for Premera have argued that the members cannot allege wrongdoing unless they can prove confidential data was exfiltrated from the system.

The plaintiffs claim Premera destroyed a computer that contained such evidence after the class-action lawsuit was filed. It was one of 35 computers identified by third-party cybersecurity firm Mandiant, which conducted a post-breach investigation.


On The Front Lines: How Payers Can Combat The Opioid Epidemic

What will it take to solve the opioid epidemic? In this webinar, we’ll share real-world strategies and best practices for health insurance leaders on the front lines and explore what’s working and how to overcome common challenges.

Although the insurer turned over evidence from the other 34 computers, the final computer “contained a unique piece of hacker-created malware.”

“The destroyed computer was perfectly positioned to be the one-and-only staging computer hackers needed to create vast staging files for the purpose of shipping even more data outside of Premera’s network,” according to last week’s court filing.

RELATED: CareFirst data breach ruling increases liability risks for insurers in future lawsuits

The plaintiffs also allege Premera destroyed data loss prevention logs that would have provided evidence of information leaving the system. The insurer “knew or should have known” both the computer and the logs would be pertinent to pending litigation, the plaintiffs argued.

"We are aware of the motion for sanctions that was recently filed by the plaintiffs in the class action arising from the 2015 cyberattack at Premera," spokesman Steve Kipp said in an emailed statement. "It is the type of motion that is not uncommon in complex litigation involving voluminous physical and documentary evidence, and represents just one of many disputes that can arise during the discovery phase of a lawsuit.  We disagree with the motion and do not believe the facts justify the relief plaintiffs have requested.  Our attorneys will be filing a response in due course."

The case is one of several breach lawsuits against insurers hit by attacks over the last several years. The legal arguments often revolve around the issue of harm and whether hackers actually used stolen data to commit fraud.

That was a central question in CareFirst’s appeal to the Supreme Court last year in a case linked to a 2014 breach.

Anthem recently finalized its $115 million settlement stemming from the massive 2015 breach involving 80 million members. The insurer spent a year in court sorting out the legal fees associated with the case, which was agreed upon last year.

Suggested Articles

Insurer and business groups are ramping up efforts to delay the ACA's insurer tax as a year-end deadline looms.

The VA put millions of people, including medical professionals, at risk of identity theft by not redacting personal information from claims records.

There are unique opportunities to leverage clinical data registries in physician recruitment.