Anthem Inc., one of the country’s largest health insurers, reported that its database containing personal information for about 80 million of its customers and employees was hacked. The scope of the incursion is not yet know. It has been reported that the Anthem database breach involved tens of millions of records. Anthem said that the breach exposed employee and customers’ names, birthdays, addresses, and Social Security numbers, not most likely not medical information. All of Anthem’s business units are affected by the databreach. Anthem offers Blue Cross/Blue Shield plans in New York, California and other states.
In connection with the Anthem database breach, Anthem has hired FireEye, Inc.’s cybersecurity unit, Mandiant, to investigate.
As reported in The Wall Street Journal:
Anthem, based in Indianapolis and formerly known as WellPoint, covers around 37.5 million people.
The Anthem database breach could rank among the largest cyber attacks. The J.P. Morgan breach compromised contact information for about 76 million households. Home Depot has said 56 million credit-card accounts were compromised, and 53 million customer email addresses stolen. Target’s cyberattack affected 40 million payment cards.
Daniel Nutkis, chief executive of the Health Information Trust Alliance, a nonprofit that helps health-care companies with computer security, said the largest previously known hacker theft from a health-care company was last year’s intrusion at hospital operator Community Health Systems, Inc., which involved records on 4.5 million consumers.
Anthem’s Mr. Miller said the first sign of the attack came in the middle of last week, when a systems administrator noticed that a database query was being run using his identifier code although he hadn’t initiated it. Investigators tracked the hacked data to an outside Web-storage service and were able to freeze it there, but it isn’t yet clear if the hackers were able to earlier remove it to another location, Mr. Miller said. The Web storage service used by the hackers, which Mr. Miller declined to name, was one that is commonly used by U.S. companies.
If you are an Anthem Blue Cross/Blue Shield subscriber and believe that your private information has been compromised or that you are a victim of this Anthem Database Breach, please contact a GSP attorney to learn more about your rights. GSP attorneys are actively litigating similar matters against Community Health and Target. Please contact Brian Penny, Mark Goldman or Paul Scarlato with any questions you may have.
In a class certification decision with implications going beyond the Nexium case, for nearly all federal class actions, the First Circuit Court of Appeals held that a class definition encompassing some uninjured parties can be properly certified so long as 1) it is consistent with the Supreme Court’s ruling in Comcast v. Behrend, (in other words, plaintiffs must advance a viable damages theory and damages model for each theory of liability), 2) the members of the class are capable of being ascertained, and 3) it is possible to craft a mechanism to weed out the uninjured class members at some point prior to recovery.. Also promising was the Court’s practical approach, which acknowledged the challenges inherent in crafting a definition that is perfect in scope. In conducting its analysis, the Court relied upon the principle that class members should not face a higher burden of proof than individual litigants in order to establish their injury. Finally, the Court opened the possibility of adapting a Halliburton efficient market presumption to consumer class actions.
Nexium is a so called “pay-for-delay” case where it is alleged that a branded drug manufacturer makes large payments to potential generic competitors under the auspices of patent litigation settlements. In exchange, competitors agree to delay their release of generic versions of the branded drug. Accordingly to a 2010 FTC analysis of 66 “pay-for-delay” agreements, consumers lose $3.5 billion per year on average as a result of this anticompetitive conduct. See http://www.ftc.gov/sites/default/files/documents/reports/pay-delay-how-drug-company-pay-offs-cost-consumers-billions-federal-trade-commission-staff-study/100112payfordelayrpt.pdf
Plaintiffs’ specific claims arose from AstraZeneca’s alleged efforts to foreclose generic competition to its Nexium brand heartburn drug. Nexium is a slightly modified version of AstraZeneca’s Prilosec. AstraZeneca introduced Nexium as the Prilosec patent expired. When several generic competitors sought to introduce their own versions of the drug, arguing patent invalidity pursuant to the Hatch-Waxman Act, AstraZeneca brought patent infringement actions against them, then settled those claims with large reverse, in-kind payments to the generic manufacturers. In return, the generic manufacturers agreed not to launch their generic versions of Nexium until May 27, 2014, the date AstraZeneca’s main Nexium patents were to expire.
Plaintiffs, union health and welfare funds who allegedly paid higher prices because of the absence of generic competition, sued, charging defendants with entering into unlawful agreements not to compete, forcing Plaintiffs to overpay for the drug.
On November 14, 2013, Judge William G. Young (D. Mass) certified a class of indirect purchaser plaintiffs. On appeal, Defendants argued the Class should not have been certified because, in part, it included parties who were not damaged, even if the conduct alleged was illegal.
Future class plaintiffs now have a clear roadmap for seeking class certification in complex cases. Crafting a perfect class definition that does not include any uninjured parties at the class certification stage is often nearly impossible. In those circumstances, a class can still be properly certified so long as it satisfies the three criteria: (1) The liability theory must be limited to the injury caused by Defendants, meaning “…[D]efendants cannot be held liable for damages beyond the injury they caused;” (2) The class definition must be definite, referring to the “ascertainability” requirement; and (3) The aggregate payout under an individual claims process must be limited to the total amount of damages for which Defendants were held liable and must be limited to injured parties.
It is evident that class plaintiffs and their counsel must be prepared to offer a separate damages analysis for each theory of liability, as the district court could find one or more of the theories to be invalid. This is also an important consideration at the pleading stage when assessing viable theories and the extent to which data and econometrics enable the separation of the effects of multiple types of misconduct. Defendants relied on the Supreme Court’s 2013 Comcast decision, but the Court distinguished Nexium from Comcast. In Comcast, the plaintiffs had relied on four theories of liability and had calculated aggregate damages based upon all four theories. The district court then certified a class based on just one theory and plaintiffs failed to provide a damages calculation for that one theory alone. In contrast, the First Circuit found the Nexium plaintiffs had offered a theory and damages model that “would only require that the defendants pay aggregate damages equivalent to the injury that they caused.”
The Court also found the second principle had been satisfied, explaining that whether a potential class member purchased Nexium was an objective criterion determining their membership in the Class. All exceptions to class membership are likewise based on objective criteria.
The Ability to Subsequently Exclude Uninjured Parties:
After Nexium, Plaintiffs now have at least two potential methods for excluding uninjured parties subsequent to class certification. Although the Plaintiffs had not offered a mechanism for excluding brand loyalists, the Court conceived of at least two ways Plaintiffs could identify injured class members. Analogizing this dilemma to a plaintiff pursuing the action individually, the Court noted there are no records of generic purchases, as AstraZeneca’s exclusion of generic Nexium was at the core of Plaintiffs’ claims. In such a circumstance, an individual plaintiff could establish antitrust injury by either (1) making an efficient market presumption argument, similar to the presumption of reliance in a securities case (See Halliburton Co. v Erica P. John Fund, Inc.), or (2) by offering testimony stating he or she would have purchased the lower-cost version of an identical drug. Noting that class members should not be subjected to a more stringent burden of proof than they would face had they brought their actions individually, the Court found class members could establish injury by offering an affidavit, the equivalent to offering testimony in an individual case. Thus, even if the presumption argument failed, this approach would be valid.
Notably, either approach shifts the burden to defendant once a plaintiff or class member has offered some evidence of injury. A Halliburton-type presumption is rebuttable, so it would fall upon a defendant to prove consumers would have acted irrationally, paying more for an identical product. A claims process utilizing affidavits would be the equivalent to uncontested testimony; thus, they are sufficient until a defendant offers evidence contradicting the testimony contained therein.
A Practical Approach:
Typically, a class action is the only viable mechanism for large numbers of injured consumers to vindicate their rights, as their individual claims are too small to justify the substantial expenses of litigation. Recognizing the reality, the Court noted the practical challenges inherent in crafting an ideal class definition, “[a]t worst the inclusion of some uninjured class members is inefficient, but this is counterbalanced by the overall efficiency of the class action mechanism.” The Court added that adopting Defendants’ position would place Plaintiffs in an inescapable trap. “…[E]xcluding all uninjured class members at the certification stage is almost impossible in many cases, given the inappropriateness of certifying what is known as a ‘fail-safe class’ – a class defined in terms of the legal injury.”
The Court recognized that “[i]deally, that tension should be resolved by adopting a class definition that includes no uninjured parties and excludes no injured parties…[w]e doubt that this will be feasible in many cases. Without the benefit of further proceedings, it is simply not possible to entirely separate the injured from the uninjured at the class certification stage.” Moreover, the reality is that “‘an erroneous failure to certify a class where individual claims are small may deprive plaintiffs of the only realistic mechanism to vindicate meritorious claims.'” (quoting In re New Motor Vehicles Canadian Export Antitrust Litig., 522 F.3d 6, 8 (1st Cir. 2008)).
Therefore, the First Circuit affirmed class certification, holding:
“In large part, the remaining difference between plaintiffs and defendants is that the defendants would require a determination at the class certification stage as to which parties were injured and which not, whereas the plaintiffs would leave to later stages of litigation such sorting of injured and uninjured parties. We conclude that so long as it is established that such a mechanism can be identified, the presence of a de minimis number of uninjured members at the class certification stage does not defeat a class action. We conclude that such a mechanism can be identified here. The district court did not abuse its discretion in certifying the class.”
The Court lent support to the “yardstick” method of antitrust damages analysis, noting Plaintiffs’ analysis was corroborated by price estimates in Defendants’ documents and that district court had generally credited Plaintiffs’ calculations. Additionally, the Court rejected the argument that an antitrust injury could later be “offset,” stating “…antitrust injury occurs the moment the purchaser incurs an overcharge whether or not that injury is later offset.” Finally, by opening the possibility of a Halliburton-type rebuttable presumption of consumer rationality, the Court acknowledged accepted economic theory. If other courts credit this presumption, it could be an invaluable tool for consumers going forward.
Goldman Scarlato & Penny, P.C. serves on Plaintiffs’ Executive Committee in this litigation. Contact Brian Penny, Esq. if you have any questions about this matter or other generic drug “pay-for-delay” litigation or the impact of this important class certification ruling. (484) 342-0700 or firstname.lastname@example.org.
Brad Maxwell, one of the representative plaintiffs in a case brought by NHL players against the National Hockey League, penned this article explaining what he and other professional hockey players thought they were signing up for and the much greater risks of long term cognitive impairments to which they were actually exposed. Goldman Scarlato & Penny, P.C. is one of several firms representing the plaintiffs in this litigation.
When we got our “bell rung,” no one told us we risked long-term harm.
As a young kid from Canada, all I ever wanted to do was play hockey. I was fortunate enough that my dreams came true and that I was able to have a successful, 10-year career in the National Hockey League — the pinnacle of our sport.
Hockey is obviously tough and physically demanding, which is why players and fans alike love the game. We all expected that our joints, muscles and bones would be subject to injury. But what I, and thousands of other NHL players, did not know about were the long-term effects of repeated hits to our heads. We knew hockey could damage our bodies physically, but never expected it could damage us mentally and lead to a host of cognitive and neurological conditions years after we left the game.
As president of the Minnesota NHL Alumni Association, I have seen firsthand the toll these head hits have taken on former NHL players. My former teammates suffer daily from the effects of countless head injuries: memory loss, depression, insomnia, migraines. Many aren’t able to control their tempers, and that seems to be getting worse with time. In some cases, former players aren’t able to perform everyday tasks that most take for granted. As the medical bills pile up, they worry about how to provide for their families — while they still know who their families are.
Today, I frequently experience memory loss as a result of my injuries from playing in the NHL, and I worry every day that my condition will only get worse. We are all faced with an uncertain future, concerned about our increased risk for neurocognitive diseases like dementia, Alzheimer’s disease and chronic traumatic encephalopathy (CTE) as we get older. CTE is the brain disease suffered by former National Football League players Dave Duerson and Junior Seau, both of whom committed suicide. (Their gunshot wounds were to the chest so that their brains could be studied to find out the reason why they were in such emotional turmoil.) CTE is also the same disease suffered by Derek Boogaard, a left winger for the Minnesota Wild and the New York Rangers and a well-known fighter who died in 2011 at age 28 of an accidental overdose of alcohol and oxycodone.
This was the reason I joined the concussion lawsuit against the NHL, to compel the league to do the right thing by its retired players. Yet instead of doing the right thing, the NHL is scheduled to argue in a federal courthouse on Thursday, Jan. 8, in Minnesota that this lawsuit should be dismissed. In short, the league shamefully wants complete immunity after failing to warn its players about the long-term consequences of head injuries when it was in a position to do so.
During my career, my coaches wanted me to play an intense and physically aggressive game. I was frequently told to “go out and get that guy,” essentially using my body as a weapon against opponents. Over the course of my career, I fought in dozens of altercations at the behest of my coaches. Every one of those punches and bodychecks added up.
I suffered at least three or four concussions in my NHL career, and many other head hits, but I never missed substantial playing time because of these serious brain injuries. Team doctors never suggested that I receive a medical evaluation or take some time off. After those times when I’d had my “bell rung,” my only treatment was to wait it out — which often meant a few line shifts, not days or weeks to let my brain heal.
The NHL condones and promotes brutality in a way like no other sport. Only the NHL allows — even encourages — players to fight each other and put their health and safety on the line. The league believes that skill and athleticism go hand in hand with violence — and in fact has glorified it and used it as a marketing tool.
More concerning than the NHL’s support of this violent culture is how it sought to hide and downplay the health risks of playing under these brutal conditions. The league never told its players that we were at risk for long-term brain damage and diseases, despite mounting medical evidence suggesting otherwise. Even today the NHL refuses to admit that concussions cause long-term neurological harm.
The NHL calls its alumni “hockey’s greatest family,” yet it refuses to care for the men who made the game what it is today. We fought each other when the NHL asked us to. Now, retired players fight together for the security and care we need and rightfully deserve.
Brad Maxwell, president of the Minnesota NHL Alumni Association, played 10 seasons in the National Hockey League as a defenseman with the Minnesota North Stars, Quebec Nordiques, Toronto Maple Leafs, Vancouver Canucks and New York Rangers. He lives in Elko New Market.
Report: The popular fast-food chain has suffered what may be a massive, months-long payment card data breach that likely dates back as far as December 2013. Customers using payment cards in stores nationwide, including stores in Pennsylvania, Virginia, Texas, Maryland and Georgia may be implicated.
If you believe you have been impacted by a possible data breach at Chick-Fil-A and would like more information about a possible class action, please contact Goldman Scarlato & Penny attorneys to discuss your concerns.
Over two months after announcing it was investigating a “potential” issue involving customers’ credit card data, Staples finally announced on December 19, 2014 that over 1 million customer payment cards may have been compromised by a data breach that affected payment systems in more than 100 stores throughout the U.S. Staples said it detected malware at 113 stores that may have allowed access to customer data between Aug. 10, 2014, and Sept. 16, 2014. In two stores, located in Jersey City, New Jersey, and Springfield, Pennsylvania, the malware was present on Staples payment systems for even longer, allowing access to purchase data as far back as July 20, the company said.
If you shopped at a Staples retail store July 20, 2014 and September 16, 2014 and believe that your private financial information has been compromised, please contact a GSP attorney to learn more about your rights. GSP attorneys are actively litigating a similar matter against Target, where litigation is proceeding in federal court in Minnesota. Please contact Brian Penny, Mark Goldman or Paul Scarlato with any questions you may have.
By Nate Raymond
Fri Dec 19, 2014 10:14am EST
(Reuters) – A U.S. judge has cleared the way for consumers to sue Target Corp over the retailer’s late 2013 data breach that they say compromised their personal financial information.
U.S. District Judge Paul Magnuson in St. Paul, Minnesota, on Thursday dismissed claims by plaintiffs in certain states but largely denied Target’s request to toss the proposed class action lawsuit.
Magnuson rejected Target’s argument that the consumers lacked standing to sue because they could not establish any injury.
“Plaintiffs’ allegations plausibly allege that they suffered injuries that are ‘fairly traceable’ to Target’s conduct,” Magnuson wrote.
Neither a Target spokeswoman nor a lawyer for the plaintiffs responded to request for comment.
Target has said at least 40 million credit cards were compromised in the breach, which may have resulted in the theft of as many as 110 million people’s personal information, such as email addresses and phone numbers.
The ruling followed a similar decision by Magnuson earlier this month allowing banks to move forward with a lawsuit to recoup money they spent reimbursing fraudulent charges and issuing new credit and debit cards because of the breach.
Thursday’s ruling pertained to consumers who used their credit or debit cards at Target during the period of the breach and had their information compromised, causing them unauthorized charges, lost account access, fees and credit monitoring costs.
In his ruling, Magnuson dismissed claims brought under deceptive trade practices laws in three states and said a class action could not be maintained for claims under consumer-protection statutes in another 10 states.
Magnuson also dismissed claims under data-breach notice laws in nine states after the plaintiffs withdrew them in another three, and he tossed negligence claims brought under five states’ laws.
The case is In re: Target Corporation Customer Data Security Breach Litigation, U.S. District Court, District of Minnesota, No. 14-md-02522.
(Reporting by Nate Raymond in New York; Editing by Lisa Von Ahn)