Our quick and easy process allows you to start your data breach claim - sign-up today to claim potentially thousands in compensation.
We specialise in representing victims for data breach compensation claims.
Information on how we handle your data is available in our Privacy Policy.
The Community Health Plan of Washington (CHPW) – provider of health insurance in Washington – issued a press release on the 21st of December concerning a data breach that may have affected up to 400,000 current and former members of the organisation.
This is yet another large data leak involving a healthcare sector – usually the biggest culprits in terms of data leaks, which is made worse by the sensitive nature of the data that can be breached.
The data breach may have exposed personal information which includes:
Within the press release, it’s reported that they were made aware of the breach on the 7th of November. They said they immediately informed the FBI and several state regulators, including the Washington Office of the Insurance Commission and the Washington State Health Care Authority. The organisation took “immediate measures to disable servers and a digital forensics team was engaged to investigate”. However, one can’t help but wonder why the members whom the personal information belonged to weren’t also immediately notified.
On November 30th, the forensic experts confirmed that there was indeed an unauthorised access of members’ personal information. The press release also reported that the breach happened because outsourced security was in a vulnerable state. In that claim, they make it sound like it wasn’t their fault, but the fault of their external services providers.
However, the CHPW cannot pass on the blame so easily and play the victim when they are the ones who are ultimately responsible for their organisation’s security.
CHPW emailed all 381,534 current and former members, apologetically informing them of the unfortunate breach and assuring them were doing all that they could to handle the situation. In a gesture of good will, they offered credit and monitoring services to all with a personal login for 12 months free of charge. They also say that they have engaged with services providers to increase their security and ensure another breach won’t happen again.
Not having adequate security to protect is not only irresponsible and reckless, but it’s also disrespectful. Data breaches are not something to be shrugged off. The financial and psychological harm can be extensive, with the latter causing potentially life long consequences.
Here in the U.K., the Information Commissioner’s Office would likely investigate a breach like this and may well find that it breached Data Protection laws by not having appropriate security to protect their members’ personal information.
We specialise in representing victims for data breach compensation claims.
Information on how we handle your data is available in our Privacy Policy.
Speak to our team now for help and advice.
Fill out our quick claim form below and we’ll contact
you when you’re ready to talk to us.
All fields marked * are required.