New allegations in a class-action lawsuit allege that health insurance company Premera Blue Cross destroyed a computer—and cybersecurity log files—that held key details in the insurer's data breach.
The breach, announced in 2015, involved data and health records of 11 million Americans and of Premera employees.
According to the new allegations, the company preserved 34 of 35 infected computers used by the hackers.
ZDNet obtained court documents in the case, which detail the importance of that 35th computer:
"The destroyed computer was perfectly positioned to be the one-and-only staging computer hackers needed to create vast staging files for the purpose of shipping even more data outside of Premera's network. This computer functioned as the development machine for a software programmer, and as such was pre-loaded with a vast array of legitimate utilities that could be turned to any purpose."
Mandiant inspected that 35th computer, as well as the others, but when plaintiffs in the lawsuit asked Premera Blue Cross for "forensic files" of each computer, the company said it could not provide one for computer #35 because it had been destroyed.
Lawsuit seeks something powerful: sanctions
The consolidated class action suit was filed in Portland, Oregon, and Oregon Live reports on comments from the attorneys pushing the new allegations forward:
"Sanctions are warranted as this destruction has harmed Plaintiffs' ability to analyze these relevant, critical pieces of evidence," wrote their attorneys Kim D. Stephens, of Seattle, and Keith S. Dubanevich, of Portland, in a motion filed... in U.S. District Court in Portland. "It knew that this evidence was critically relevant to the litigation."
If a judge agrees to sanctions, it could lead to instructing the jury that the evidence destroyed can be inferred to have harmed the insurer's case.
Premera's attorneys must respond to the request for sanctions by September 28.
