By Sandra R. Mihok, member, Eckert Seamans Attorneys at Law
Health insurance companies have increasingly become the target of cyberattacks, a trend which has spurred a wave of class action lawsuits brought by individuals whose personal information has been breached.
Typically, the lawsuits allege violations of various state laws and seek recoupment of a portion of premiums which they claim was paid to the insurer to keep their personal information secure. When the class action involves employer-sponsored group health plans, these state law claims might be preempted by Employee Retirement Income Security Act (ERISA), which contains specific enforcement mechanisms.
The U.S. District Court for the Northern District of California has recently found that such state laws are preempted by ERISA. If preemption applies, and plaintiff lawyers attempt to pursue such claims under ERISA, employers will want to pay particular attention to plan documents and Health Insurance Portability and Accountability Act (HIPAA) security procedures.