In The Wake Of The Anthem Health Data Breach, Interviews Online Security Expert Craig Spiezle Of Online Trust Alliance

Share Article

In this age of online commerce, digital storage of medical records and personal information archived in the cloud, the security of sensitive and personal information should be of paramount concern and yet, according to Craig Spiezle of Online Trust Alliance, that’s not happening. interviews both Spiezle and attorney Patrick Peluso, who has filed an Anthem data breach lawsuit on behalf of consumers.

Data Breach lawsuit
"Increasingly Savvy Hackers Snatched Billions of Dollars in Data"

Craig Spiezle looks to the data breach suffered by Anthem Health* as an example of the scale, and complexity of modern-day data thefts and hacks that expose the personal information and ultimately, the privacy of individuals, together with the decimation of a corporation’s security systems. In the Anthem breach, according to The New York Times (2/5/15) the home and email addresses, names, dates of birth and Social Security numbers of some 80 million Anthem Health clients were exposed.*

Spiezle serves as the executive director of Online Trust Alliance (OTA), an industry association formed in 2005 with a mandate to communicate concerns and help foster improvements towards a more secure online world for business, commerce and consumers. In an interview with Online Legal Media’s Brenda Craig, Spiezle notes that cyber criminals gain access to a corporation and its internal systems through what he calls “social engineering”. “[Hackers] gather data like marketing companies do,” Spiezle says. “They collect and append data from multiple sources, and the more information they have about an individual, the more valuable it becomes.

“The information they gather is often traded and sold in the underground economy,” explains Spiezle. “They may have credit card numbers stolen from [various hacked companies] that they can trade and match up with health care information, employment histories. It becomes very valuable.”

The ‘social engineering’ of which Spiezle refers begins with an attempt to ascertain the email of the systems administrator, after which an internal email is faked. The communication asks for certain files to be opened and made available. “They may ask that person to open up a PDF of the current financial plan saying they would like to get some feedback,” notes Spiezle. “That is social engineering,” he says. “More and more often we are seeing these malicious entries coming from a typical phishing e-mail.”

According to Spiezle, hackers can use the information to file false tax returns, obtain new credit cards and steal identities, in addition to an almost infinite list of nefarious activities that could damage those individuals whose information has been taken.

Various lawsuits have been filed against Anthem Health over the security breach, including one putative class action lawsuit** on behalf of a Colorado woman, Dana Hills, claiming breach of contract. The Anthem data breach lawsuit filing is Dana Hills v. Anthem, Inc., Case No. 1:15-cv-00314-PAB, US District Court for the District of Colorado. According to the plaintiff’s attorney, Patrick Peluso of the firm Woodrow & Peluso LLC, “our case alleges that Anthem’s privacy policies and its website*** explicitly say they will protect people’s personal information and they didn’t,” Peluso told Online Legal Media’s Brenda Craig in an interview at****. According to a recent IBJ article (2/14/15), Anthem's internal data was not encrypted and that it did not have a "multi-factor authenication" system in place.*****

“In the court documents, we allege that people overpaid for their premiums as a result of Anthem not protecting data the way it said it would. People would not have paid the premium price if they had known their social insurance numbers, and other types of data, were at risk,” Peluso said.

Spiezle, having recently attended the Cyber Security Summit held at the White House in Washington, does not profess to know exactly what may have occurred in the Anthem Health case – and whether, or not encryption may have been lacking. “Companies are trying to do a better job, but there is no excuse for negligence either.

“Think of these companies like big ships,” Spiezle continues. “Someone opens a window, the ship begins to take on water and sinks. The first question we always need to ask is did the company have good defenses in place?” he says. “Then we ask what did they do to detect the problem and what did they do to contain it?”

*"Millions of Anthem Customers Targeted in Cyberattack", The New York Times, Reed Abelson and Matthew Goldstein, February 5th, 2015.
** Dana Hills v. Anthem, Inc., Case No. 1:15-cv-00314-PAB, US District Court for the District of Colorado; Filed 2/13/15;
*** Anthem company website;
**** "Increasingly Savvy Hackers Snatched Billions of Dollars in Data", Brenda Craig,, February 24, 2015,
***** "Anthem's IT system had cracks before hack", Indianapolis Business Journal, February 14, 2015, provides comprehensive legal news and critical information for those affected by once-in-a-lifetime situations involving medical device lawsuits, personal injury, defective products, California Overtime and labor issues or a host of others. Readers seeking legal help can request it by completing a form which is distributed to attorneys specializing in these cases. Trial attorneys utilize the site to keep abreast of hot legal issues and settlements as well as connect with potential clients. Web:

About Online Legal Media

Online Legal Media owns and operates websites providing information for the general public and the legal community., founded in 2001, is an online legal news publication with over 2.1 million visitors annually and hundreds of thousands of requests for attorney help from its readership. serves as a portal for trial attorneys to network and market their firms to other legal professionals. offers resources for those suffering from asbestos exposure and mesothelioma. Online Legal Media is based in Santa Cruz, California.

Follow Online Legal Media on Twitter @OnlineLegalNews and on Facebook at

All trademarks are the property of their respective owners.

Share article on social media or email:

View article via:

Pdf Print

Contact Author

John Sliney. COO
Visit website