Cyber Incident Victim: Independent Clinics of Washington
Date:
Jun 2025
Location:
United States of America
Summary
A lawsuit alleges that Wellpoint Washington Inc. and Independent Clinics of Washington failed to adequately protect patient information from a cyberattack and delayed notifying affected individuals for nearly a year, thereby increasing the risk of fraud. The proposed nationwide class action seeks damages for the alleged negligence and calls for improved data protection measures.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 0 motives | 0 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
In June 2025 a cyberattack targeted the patient information held by Independent Clinics of Washington and its partner Wellpoint Washington Inc., a subsidiary of Elevance Health Inc., with allegations that the defendants failed to adequately protect that data. The breach was not disclosed to affected individuals until nearly a year after the incident, according to the plaintiff in a lawsuit filed on June 12, 2026 by a Washington resident who asserted that Wellpoint neglected to inform subscribers in a timely manner. The lawsuit, framed as a proposed nationwide class action, contends that the delay in notification exacerbated the risk of fraud, identity theft, and financial harm for those whose data was exposed. The plaintiff argues that prompt disclosure is essential to mitigating potential harm and that the defendants’ alleged shortcomings left patients unaware of the breach for an extended period.
The case underscores growing concerns about data security within the healthcare sector, where sensitive patient information is frequently targeted by cybercriminals. Wellpoint’s affiliation with Elevance Health Inc. is noted in the complaint, and the litigation seeks to hold the company accountable for both the breach itself and its handling of the aftermath. The alleged negligence is said to have increased the likelihood of fraudulent activity, as affected individuals were unable to take protective measures during the undisclosed period. The complaint emphasizes that timely notification is a critical component of breach response and that the defendants’ purported delay violated that principle.
In response to the allegations, the proposed class action seeks damages for the claimed negligence and requests that Wellpoint implement improved data protection measures to prevent future incidents. The lawsuit is presented as part of a broader trend of class actions targeting organizations that fail to secure sensitive data or disclose breaches promptly. The legal proceedings aim to address the alleged failures and to compel changes in how the defendants manage and safeguard patient information.