Yet another class action lawsuit has been filed following a cyber attack, this time against Excellus Health Plan Inc. and Lifetime Healthcare Inc. in federal court for the Western District of New York. The lawsuit was brought by self-proclaimed “New York City’s largest personal injury and mass-tort plaintiffs’ law firm” and the former employer of New York’s disgraced Assembly Speaker Sheldon Silver, who reportedly collected about $4 million in bribes and kickbacks during his employment, Weitz & Luxenberg P.C., as co-counsel with Faraci Lange LLP.
The suit claims Excellus was negligent in maintaining the security of data, failing to identify the breach and failing to take necessary steps to ensure the system was secure. In particular, the complaint highlights the fact that hackers gained access for twenty months before Excellus detected the breach on August 5, 2015, and only after a cybersecurity firm was hired as a preventative measure. Notwithstanding the fact that Excellus is providing free identity theft protection and credit monitoring for two years, the lawsuit claims such protections are not enough, and that plaintiffs are entitled to unspecified damages and legal fees. Among specific damages identified, the complaint suggests victims are “now at heightened risk of health insurance discrimination.”
With the growing number of class actions by plaintiff’s firms seeking “legal fees” among other damages, including this most recent filing by a firm specializing in the area of asbestos litigation, it is clear that cyber breach is becoming the new “mass tort” of the 21st Century. Companies are well advised to work with security experts to maintain an up-to-date monitoring and reporting program, and a robust insurance program for the extremely high risk of a foreign attack.