Blue Cross Blue Shield is being sued over an alleged breach of security that led to the release of patients' personal information.
Pamela Chambliss and Scott Adamson filed the lawsuit on Aug. 6 in U.S. District Court in Maryland against CareFirst Inc., doing business as Blue Cross and Blue Shield.
The breach was announced around May 20, and resulted in the release of personal information including names, birth dates, email addresses and subscriber information of about 1.1 million patients with the company, the lawsuit said.
CareFirst said another breach occurred around June 2014, and the information was stored “on various computers and data storage devices,” the suit said.
“Upon information and belief, CareFirst did not encrypt the (personal information) in its possession and was viewed as a 'soft target' by hackers,” the lawsuit said. “(Personal information) such as that stolen in the CareFirst data breach is highly coveted by and a frequent target of hackers.”
The lawsuit seeks class status for CareFirst patients whose information was potentially stolen. The suit also seeks damages of more than $5 million plus court costs.
The plaintiffs are represented by Price O. Gielen of Neuberger, Quinn, Gielen, Rubin & Gibber, P.A. of Baltimore; William B. Federman of Federman & Sherwood in Oklahoma City; Cornelius P. Dukelow of Abington Cole + Ellery in Tulsa, Okla.
U.S. District Court of the District of Maryland Baltimore Division case number 1:15-cv-02288.