WellPoint Class Action Settlement Near
Second Legal Development in Aftermath of BreachEarlier this month, WellPoint agreed to pay $100,000 to reach a settlement about the delayed notification of more than 32,000 residents of Indiana affected by the breach incident (see: WellPoint Settles Over Data Breach).
The class action lawsuit settlement, which won preliminary approval in Orange County, California, Superior Court, alleges more than 600,000 individuals nationwide were potentially affected by the breach. The incident, which occurred between October 2009, and March 2010, involved patient information, including Social Security numbers, that was accessible through an insurance application tracker website.
In the class action settlement, all of those nationwide who were potentially affected by the breach will receive up to two years of free credit monitoring and identity theft insurance. Those found to be a victim of identity theft or loss stemming from the breach will receive an additional five years of credit monitoring and insurance. Some may be eligible for reimbursement of out-of-pocket costs associated with the breach, up to $1,500.
A website describing the proposed settlement also notes that Wellpoint will donate $250,000 to two charities involved in protecting consumers' privacy rights and providing legal services to indigent victims of identity theft.
Numbers Adjusted
The Department of Health and Human Services' Office for Civil Rights, which tracks major health information breaches, last year lowered its tally of the number of individuals affected by the WellPoint breach to about 32,000, listing only those affected in Indiana.A WellPoint spokesman said last year that it originally sent about 480,000 insurance applicants a notice about the breach, offering them a year's worth of free credit protection services. Later, after those notifications were sent out, WellPoint reviewed information that had been placed in escrow by the court as a result of the class action suit and was able to pinpoint that only about 32,000 consumers had their information placed at risk because of the website incident, the spokesman said. The HHS Office for Civil Rights acknowledged last year that WellPoint submitted an addendum to its original breach notification "which modified the number of individuals impacted by the breach." (See: Breach List Update: Tally Changes)
In an unrelated class action settlement, UniCare Life and Health Insurance Co, a subsidiary of WellPoint, recently settled a case stemming from an earlier incident in which certain members' information, including Social Security numbers, was accessible via the Internet in 2007 and 2008.
That settlement included, among other things, a payment of up to $20,000 for those who can prove their identity was stolen as a result of the incident.