Plaintiffs in data-breach case say Premera destroyed computer that contained evidence of hacking

Data breach
Members of a class-action lawsuit say Premera destroyed evidence after their complaint was filed. (tashka2000/Getty)

Plaintiffs in an ongoing class-action lawsuit against Premera Blue Cross over a 2015 data breach say the insurer destroyed a computer containing evidence that hackers stole data belonging to 11 million members.

In a legal filing (PDF) last week, plaintiffs asked the court to exclude expert testimony from the Washington-based insurer to prevent the company from “capitalizing on its destruction of evidence to support one of its own defenses.” Attorneys for Premera have argued that the members cannot allege wrongdoing unless they can prove confidential data was exfiltrated from the system.

The plaintiffs claim Premera destroyed a computer that contained such evidence after the class-action lawsuit was filed. It was one of 35 computers identified by third-party cybersecurity firm Mandiant, which conducted a post-breach investigation.


Driving Engagement in an Evolving Healthcare Ecosystem

Deep-dive into evolving consumer expectations in healthcare today and how leading providers are shaping their infrastructure to connect with patients through virtual care.

Although the insurer turned over evidence from the other 34 computers, the final computer “contained a unique piece of hacker-created malware.”

“The destroyed computer was perfectly positioned to be the one-and-only staging computer hackers needed to create vast staging files for the purpose of shipping even more data outside of Premera’s network,” according to last week’s court filing.

RELATED: CareFirst data breach ruling increases liability risks for insurers in future lawsuits

The plaintiffs also allege Premera destroyed data loss prevention logs that would have provided evidence of information leaving the system. The insurer “knew or should have known” both the computer and the logs would be pertinent to pending litigation, the plaintiffs argued.

"We are aware of the motion for sanctions that was recently filed by the plaintiffs in the class action arising from the 2015 cyberattack at Premera," spokesman Steve Kipp said in an emailed statement. "It is the type of motion that is not uncommon in complex litigation involving voluminous physical and documentary evidence, and represents just one of many disputes that can arise during the discovery phase of a lawsuit.  We disagree with the motion and do not believe the facts justify the relief plaintiffs have requested.  Our attorneys will be filing a response in due course."

The case is one of several breach lawsuits against insurers hit by attacks over the last several years. The legal arguments often revolve around the issue of harm and whether hackers actually used stolen data to commit fraud.

That was a central question in CareFirst’s appeal to the Supreme Court last year in a case linked to a 2014 breach.

Anthem recently finalized its $115 million settlement stemming from the massive 2015 breach involving 80 million members. The insurer spent a year in court sorting out the legal fees associated with the case, which was agreed upon last year.

Suggested Articles

UPMC Health Plan is expanding its medication adherence program with Sempre Health to include diabetes medications.

Despite efforts to improve patient safety over the past 20 years, results have not been optimal. We raise vital questions and renewed areas of focus.

The Trump administration has enlisted CVS Health to pilot administering the therapy to patients in long-term care facilities and at home.