Premera

Finding Justice for Exposed Premera Customers

WA Insurance Commissioner Mike Kriedler wantst to know what it took so long for Premera to get out critical info about it data breach. So do SKW class action attorneys. Contact us ASAP if you are/were a Premera insured, especially if you had an individual plan or were insured w/a small group. (Photo: KING5)

SKW attorneys, like, WA Ins. Comm. Mike Kriedler, want to know what it took so long for Premera to get out critical info about it data breach. So do SKW class action attorneys. Contact us ASAP if you are Premera insured and had an individual plan or were insured w/a small group. (Photo: KING5)

Washington State Insurance Commissioner Mike Kreidler is not the only one who is wondering why it took Premera so long to act, after realizing that at least 11 million individuals’ information were exposed to a data breach. We are too and want to see the large class of Premera customers find justice.

Hackers had unauthorized access to approximately 6 million in Washington and the other 5 million in Alaska and Oregon whose information. There are possibly other markets associated with this breach that extends beyond Washington, Oregon, and Alaska.

Our firm is pursuing a class action to obtain a meaningful recovery for all of the victims involved as the result of Premera’s lack of vigilance over their customer’s data. Please contact PremeraClass@Stritmatter.com, as our attorneys want to speak with you ASAP. Our own Brad J. Moore, who is at the helm of the country’s largest public interest law firm (Public Justice) has a long track record of success with some of the largest consumer protection class action lawsuits.

According to KUOW, after Premera called Kreidler to inform him about the data breach that had occurred over a month before, he asked his staff to find out why it took the health insurer so long to inform everyone about this significant news.

He’s launched a multistate investigation of Premera, explaining: “We would have been heavily engaged in this activity weeks ago if we’d been afforded the opportunity to know in a more timely basis. It was clear once we were notified. Which is part of the irritation right now. It took six weeks.”

The class action/consumer protection attorneys are all for Kreidler’s idea about establishing rules that would have compelled Premera to reveal the information within hours, not weeks.

Again, if you or someone you know was or is a Premera insured and believe that sensitive information was accessed in an unauthorized manner, contact us at PremeraClass@Stritmatter.com

What could Premera have done to prevent the massive data breach ?

Contact us, if you or someone you know had a self-pay plan with Premera.

Possible class action against Premera: Contact us, if you or someone you know had a self-pay plan with Premera.

Many questions ran through my head about Premera’s information security, when news came out earlier this week about its massive data breach involving at least 11 million customers first hit the news. Initially, some praised Premera’s response to the sophisticated cyber attack that reportedly occurred in May 2014. However, it turns out that before the breach ever occurred, a federal watchdog agency  (Office of Personnel Management’s Office of Inspector General) notified Premera of at least 10 ways that it should address a range of security weaknesses that the audit of their systems revealed.

Among the weaknesses found by the Office of Personnel Management’s Office of Inspector General’s audit were issues related to patch management, insecure server configurations and weakness related to password history configuration settings

Pop. With the news about the fed audit and findings, the bubble of hope in my mind burst: Looks like Premera had not done everything possible in securing its customers’ data before the May 2014 cyberattack. In fact, Premera had “respectfully disagreed” with some of the recommendations related to patches “as it believe[d] deployment of critical security patches is in compliance with the documented patch management policy provided to the OPM audit staff.”

OIG didn’t agree:

The results of the vulnerability scans performed during the fieldwork phase of this audit indicated that Premera was not in compliance with its policy for deploying patches within a specific timeframe based on criticality. As part of the audit resolution process, we recommend that Premera provide OPM with evidence that it has adequately implemented this recommendation. [emphasis added]

The onsite portion of the audit was conducted during January and February of 2014, with additional offsite audit work performed by OIG before and after the on-site visit. The draft report that OIG issued to Premera on April 18, 2014, was based on Premera’s security controls as of March 2014, according to a final version of the report that OIG issued publicly in November 2014.

In a statement earlier this week, Premera, based in Mountlake Terrace, Wash., said that on Jan. 29, it discovered that cyber-attackers had gained unauthorized access to its systems, exposing information on 11 million individuals. An investigation by forensic experts hired by Premera shows that the initial attack occurred on May 5, 2014, the insurer says. That’s less than a month after OIG issued its draft audit report. What unfortunate timing for Premera and all of its insureds…

Granted, no one is yet saying that had Premera timely compliance with OIG’s recommendations would have thwarted the May 2014 cyberattack.  The facts should illuminate all of us at some point down the road*. In the meantime, privacy experts such as Kate Borten point out that “failure to patch and unsecure configurations are vulnerabilities we’ve known about for decades…Regardless of whether they contributed to this latest attack, every organization – large and small – should pay attention to such common issues… Make it a priority to keep up with patches. Run vulnerability scans and respond to them by correcting security problems. Make sure your tech and infosec staff understand these security risks, and train them if not.”

NOTE: Stritmatter Kessler Whelan is researching a potential class action against Premera. If you or someone you know had an individual plan (not on a company sponsored plan), please contact me at Catherine@Stritmatter.com.

About Us

This blog is maintained by attorneys at Stritmatter Kessler Whelan (SKW), focused on important legal issues, news, and developments... MORE
Connect
   
Favorite Quotation

If thou faint in the day of adversity, thy strength is small.
— Proverbs 24:10

Intense love does not measure, it just gives.
— Mother Teresa

The test of a civilization is the way that it cares for its helpless members.
— Pearl S. Buck

You may trod on me in the very dirt. But still, like dirt, I'll rise.
— Maya Angelou

The worst sin towards our fellow creatures is not hate them, but to be indifferent to them; that's the essence of inhumanity.
— George Bernard Shaw

Without justice, courage is weak.
— Benjamin Franklin

Injustice anywhere is a threat to justice everywhere.
— Martin Luther King, Jr.

Fairness is an across-the-board requirement for all our interactions with each other ...Fairness treats everybody the same.
— Barbara Jordan

I consider trial by jury as the only anchor ever yet imagined by man, by which a government can be held to the principles of its constitution.
— Thomas Jefferson

Why should there not be a patient confidence in the ultimate justice of the people? Is there any equal hope in the world?
— Abraham Lincoln

I don’t know what kind of a future life I believe in, but I believe that all that we go through here must have some value.
— Eleanor Roosevelt

The basic proposition of the worth and dignity of man is the strongest, the most creative force now present in the world.
— Franklin D. Roosevelt

Justice is the end of government. It is the end of civil society. It ever has been and ever will be pursued until it is obtained, or until liberty be lost in the pursuit.
— James Madison

There is no truth existing which I fear, or would wish unknown to the whole world.
— Thomas Jefferson