Breach Suit Against Aetna Dismissed

Court cites lack of evidence
Breach Suit Against Aetna Dismissed
A class action lawsuit stemming from a breach of an online job application database at health insurer Aetna has been dismissed.

In May 2009, Aetna confirmed that some e-mail addresses had been copied from its job application Web site and used to send out phony e-mails. The Hartford, Conn.-based insurer offered free credit report monitoring for a year to about 65,000 individuals in case their information was breached.

The phishing e-mails appeared to be from Aetna and asked for additional personal information.

In addition, Social Security numbers and other personal information was stored on the Web site. When the insurer reported the breach, and again when the lawsuit was filed, a company spokesperson told the media that Aetna had found no evidence that any information, other than the e-mail addresses, was inappropriately accessed.

The U.S. District Court for the Eastern District of Pennsylvania earlier this month dismissed the suit filed by a former employee, Cornelius Allison, who had applied via the Web site to rejoin the insurer's staff in January 2009. He had claimed he incurred out-of-pocket expenses for additional identity theft protection services, and stated he and others affected "face a significant risk of identity theft."

Basis of decision

The court ruled that Allison's claim against the insurer was invalid because its allegation of increased risk of identity theft was "far too speculative."

The court stated that Allison presented no evidence that his personal information was inappropriately accessed, plus he never received the phishing e-mail.

"At best, the plaintiff has alleged a mere possibility of an increased risk of identity theft...and he certainly has not asserted a credible threat of identity theft," according to the ruling.


About the Author

Howard Anderson

Howard Anderson

News Editor, ISMG

Anderson is news editor of Information Security Media Group and was founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.