Changeflow GovPing Insurance Blue Cross Blue Shield of Montana v. Commission...
Priority review Enforcement Amended Consultation

Blue Cross Blue Shield of Montana v. Commissioner of Securities and Insurance - Data Breach Investigation

Favicon for csimt.gov MT Insurance News
Filed February 2nd, 2026
Detected March 19th, 2026
Email

Summary

Blue Cross Blue Shield of Montana is challenging a state investigation into a data breach affecting over 460,000 Montanans. The insurer argues the administrative process is unfair, while the state seeks dismissal, asserting that administrative remedies must be exhausted before court intervention. The investigation aims to determine breach causes, reporting delays, and potential penalties.

View original document View source feed page

What changed

Blue Cross Blue Shield of Montana (BCBSMT) is contesting an investigation by the Montana Commissioner of Securities and Insurance into a significant data breach that impacted over 460,000 individuals. BCBSMT argues in Lewis and Clark County District Court that the investigative process is biased and prevents adequate defense. The state, represented by the Commissioner's attorneys, contends that BCBSMT has not exhausted its administrative remedies as required by the Montana Administrative Procedure Act and is seeking dismissal of the lawsuit. The investigation seeks to clarify when the breach occurred, why reporting was delayed until October, and when affected individuals were notified, with potential fines being a possibility if violations are found.

This legal challenge highlights the critical need for regulated entities to understand and follow administrative procedures before seeking judicial relief. For BCBSMT, the immediate action is to continue engaging with the state's administrative process while simultaneously litigating the procedural fairness of that process. The state's position emphasizes the mandatory nature of exhausting administrative remedies, suggesting that BCBSMT must participate fully in the investigation to preserve its legal standing. The outcome could set a precedent for how data breach investigations are handled in Montana and may influence future regulatory actions concerning third-party contractor breaches and notification timelines.

What to do next

  1. Review internal data breach response and notification procedures.
  2. Monitor ongoing litigation between BCBSMT and the Montana DOI.
  3. Ensure compliance with Montana's data breach notification laws and administrative procedures.

Penalties

Potential fines against BCBSMT if violations are established and deemed in the public interest.

Source document (simplified)

Jordan Hansen | Daily Montanan

Blue Cross Blue Shield fought this week in Lewis and Clark County District Court to stop the Montana Commissioner of Securities and Insurance from moving ahead with an investigation into a massive data breach, affecting more than 460,000 Montanans.

Montana’s largest insurance carrier told Judge Christopher Abbott the process has been stacked against it and it hasn’t been able to properly defend itself.

Meanwhile, attorneys for Commissioner James Brown told the judge the administrative process hasn’t played out and it’s unclear if a 2025 Legislative session regarding data breaches will be retroactive to an incident involving Conduent, a third-party contractor of Blue Cross Blue Shield, which was reported in January of last year. The state is still in the process of gathering facts about the breach, lawyers for the state said.

That’s why the state wants the investigative process to play out, attorney Jack Connors said, adding the process would answer those questions. There’s also an option for judicial review under the Montana Administrative Procedure Act, which the state says applies in this case and the state is seeking dismissal of the lawsuit.

“As a matter of basic administrative law, a party must exhaust all available administrative remedies before turning to a court for relief,” the state’s request for dismissal says. “The Montana Supreme Court has held that compliance with the provisions of MAPA is mandatory.”

The hearing came as a step by the state to investigate when the breach occurred, why it took until October for the company to fully report the issue and when those impacted were told their data was compromised.

“Commissioner Brown opened the investigation of BCBSMT and the Conduent data breach for multiple reasons: (a) to help educate the public about data breaches, (2) to improve the regulation of insurance companies to prevent future breaches, and (3) to potentially impose a fine against BCBSMT if the facts establish a violation and if the Commissioner finds that imposing a fine is in the public interest,” court documents submitted by the state say.

Lawyers for the state did say Brown, “wasn’t going to stick it to the largest health insurance provider in Montana.”

To read the full article, click here.

Was this helpful?

👍 Yes 👎 No Please give us your feedback!

Please let us know how we could improve this article.

Submit

Related changes

Favicon for csimt.gov Montana Exposes $54.7M Obamacare Fraud, Recovers $23.3M
Urgent Mar 19, 2026 MT Insurance News Insurance
Favicon for csimt.gov Montana BCBS Data Breach Dispute with Insurance Commissioner
Priority review Mar 19, 2026 MT Insurance News Insurance
Favicon for csimt.gov Insurance chief exposes Obamacare fraud bust on Glenn Beck
Routine Mar 19, 2026 MT Insurance News Insurance
Favicon for doi.nebraska.gov Nebraska Suspends Remote Insurance Agent Testing
Priority review Mar 19, 2026 NE Insurance News Government General
Favicon for doi.nebraska.gov Association Scam: How it Works
Priority review Mar 19, 2026 NE Insurance News Government General
Favicon for doi.nebraska.gov Nebraska Law on Reporting Fake Auto Insurance ID Cards
Priority review Mar 19, 2026 NE Insurance News Government General

Source

Favicon for csimt.gov
MT Insurance News csimt.gov/news
Insurance
Analysis generated by AI. Source diff and links are from the original.

Classification

Agency
State DOI
Filed
February 2nd, 2026
Instrument
Enforcement
Legal weight
Binding
Stage
Consultation
Change scope
Substantive

Who this affects

Applies to
Insurers Consumers
Industry sector
5241 Insurance
Activity scope
Data Breach Response Regulatory Investigation
Threshold
Affects more than 460,000 Montanans
Geographic scope
State (Montana) State (Montana)

Taxonomy

Primary area
Insurance
Operational domain
Compliance
Topics
Data Privacy Consumer Protection

Browse Categories

Agriculture & Food Safety 61 Banking & Finance 211 Consumer Protection 35 Courts & Legal 243 Data Privacy & Cybersecurity 59 Defense & National Security 48 Education 20 Energy 102 Environment 82 Government & Legislation 240 Healthcare 107 Housing 15 Immigration 8 Insurance 56 Labor & Employment 113 Pharma & Drug Safety 72 Securities & Markets 73 Tax 50 Telecom & Technology 34 Trade & Sanctions 122 Transportation 56

Get Insurance alerts

Weekly digest. AI-summarized, no noise.

Free. Unsubscribe anytime.

Get alerts for this source

We'll email you when MT Insurance News publishes new changes.

Free. Unsubscribe anytime.