Indiana attorney general sues WellPoint over data breach
NEWS IN BRIEF — Posted Nov. 15, 2010
The Indiana attorney general has asked a court to censure WellPoint for taking too long to notify the state of a data breach earlier in 2010. The office is seeking, through a lawsuit, $300,000 in civil penalties against the company.
The insurer, which is the country's largest by membership, is based in Indianapolis. According to the attorney general's office, applications for coverage containing identifying information and health records for as many as 480,000 people nationwide was left vulnerable online between October 2009 and March 2010. Even though it was told of the problem in February, the company didn't notify customers and the attorney general's office until June. State law requires notification without "unreasonable delay."
WellPoint said the problem was corrected quickly after the company learned of the "glitch" that made it possible to view applications by manipulating a Web address.
Only a few applicants' information was compromised, but the company contacted all 480,000 people "out of an abundance of caution" and offered free credit monitoring for a year to all of them, WellPoint spokesman Jon Mills said in an e-mailed statement.
Note: This item originally appeared at http://www.ama-assn.org/amednews/2010/11/15/bibf1115.htm.