US Health Insurer Premera Blue Cross Accused of Destroying Evidence in Data Breach Lawsuit

Catalin Cimpanu, reporting for ZDNet: The plaintiffs of a class-action lawsuit against health insurance provider Premera Blue Cross are accusing the organization of "willfully destroying" evidence that was crucial for establishing accurate details in a security breach incident. In court documents filed last week obtained by ZDNet, plaintiffs claim that Premera intentionally destroyed a computer that was in a key position to reveal more details about the breach, but also software logs from a security product that may have shown evidence of data exfiltration. Establishing if hackers stole data from Premera's systems is crucial for the legal case. Breach victims part of the class-action will be to claim a right for monetary compensation, while Premera may argue that since hackers did not steal data from its servers, there is no tangible harm to victims. The class-action lawsuit is in connection to a March 2015 announcement. Back then, Premera announced that hackers breached its systems and gained access to computers holding the personal and medical data of over 11 million Americans.

Re:Premera in Washington State

[aisnota]

1.) Ok, you can get call records from the phone company with SMDR details (difficulty high)
2.) Hunt down ex-employees that know details of your employees getting shafted
3.) Get class action status of Bad Faith insurance
4.) Pierce corporate veil and put liens on CEO of the times personal property or trusts

Hard to believe zero claim payouts, as even one or a handful of payouts would be enough for plausible deniability so these are imbeciles if corporate America !

Cyber security lawsuit is more tenuous than bad faith of insureds paying in.

Re:Premera in which state?

[greenwow]

Same here. Premera paid no claims for years so we finally switched to UnitedHealthcare. United is much better since they paid the claim of one of our three employees that gave birth. 1/3 sounds bad, but it's so much better than nothing.

Destruction of evidence

[AJWM]

If it can be shown that evidence was deliberately destroyed (and yeah, that's the hard part), then there's generally a legal presumption that the evidence showed the worst possible interpretation of the case for the party which destroyed (else why destroy it?).

Of course when the evidence that they destroyed evidence has also been destroyed, and the evidence of that has been destroyed... well, you get the idea.

Re:Premera in which state?

[youngone]

1/3 sounds bad, but it's so much better than nothing.

That must be an awful way to live. You have my sympathy.

Re:Premera in which state?

[youngone]

It's really is awful.
My wife broke her ankle last year, and was seen immediately at the A&E by a series of well trained competent doctors and nurses.
She was then admitted and stayed in hospital for the next three weeks and had an operation.
When she did come home she had a home help person come to clean the house, and the district nurse checked on her for 6 weeks or so.
But it get worse! So much worse!
When she decided some (extra) physiotherapy was needed, I had to pay nearly $15 per session!
I know !!

Re:Timing is everything.

[Tyr07]

You wish it worked that way. You see, the computer wasn't destroyed until law suits were filld. E.G they had warning that computers might be requested, so they immediately destroyed it before it happened.

I know, you think ahaha I was clever so I get away free. No, it doesn't work that way. If it can be linked that the computer destroyed would of had evidence relating to the breach and was destroyed post breach, especially after lawsuits were filled, it won't work.

They'll still have to prove it, but that's like a criminal shooting someone, then destroying the gun before it's requested in court. You still get hit with destruction of evidence.

Can that really work?

[ErichTheRed]

I've worked at places that use an insanely short email retention policy to get out of e-discovery in lawsuits. One place had a 30-day retention..anything older than that and, "la la la, we have no record of the email you are attempting to recover." And apparently that works, if you have a written policy stating that you don't keep email or backups for more than X days.

But, couldn't any company just send all their computers to the metal shredder the second a lawsuit is filed using the same argument? Maybe that's how they're planning on hiding how bad their data breach was. Somehow I doubt that though...if there were no rules against destroying evidence, every computer would have a self-destruct circuit in it.

Of course no one knows what actually happened, but this totally reads like some clueless CIO getting pressure from the board and CEO to just make the problem disappear.

Re:Can that really work?

[sjames]

The short retention works for anything that happens BEFORE the lawsuit is filed. The written policy is just a way to show that anything destroyed more than 30 days before the lawsuit was just business as usual, not an attempt to destroy evidence. Once the suit is filed, the destruction must be suspended.

Re:Can that really work?

[TubeSteak]

The spoliation inference is a negative evidentiary inference that a finder of fact can draw from a party's destruction of a document or thing that is relevant to an ongoing or reasonably foreseeable civil or criminal proceeding: the finder of fact can review all evidence uncovered in as strong a light as possible against the spoliator and in favor of the opposing party.

E-mail/document retention policies are not a get out of jail free card.

If the company can "reasonably foreseeable" the documents will be needed, they're obliged to preserved them, lawsuit or not.

At the bare minimum, a judge will tell the jury to interpret destroyed evidence in the worst possible light for the destroyer.

In a worst case scenario, depending on your jurisdiction, destroying evidence will spawn a separate civil lawsuit or a criminal prosecution (fines and jail time).

Destroying evidence means you're stupid or hiding something much worse.

No one's being held accountable.

[bjwest]

Until the entire board of directors and everyone with a C*O in their title goes to prison for shit like this, nothing will change in the corporate world. Pissy little fines that barley make a blip on the bottom line will do nothing, and that's probably all that will happen AGAIN.

Re:Timing is everything.

[whoever57]

If I receive notice of a lawsuit today, does that mean I can't replace my refrigerator?

If the refrigerator contains or is evidence relevant to the lawsuit, yes, it means exactly that.

Re:Of course

[harvey+the+nerd]

Insurance companies are major uniparty sponsors unaccountable to the public, a major source of problems from the Medical-Industrial-Congressional complex that hurts and bankrupts many Americians.