In re Dominion Dental Servs. United States

In re Dominion Dental Servs. United States

Opinion

 [*191]  ORDER [**2] 

This matter comes before the Court on plaintiffs' motion to compel Dominion National defendants to produce the Mandiant report and related documents. (Dkt. No. 93). Specifically, plaintiffs seek the report produced by cybersecurity firm FireEye Mandiant ("Mandiant") in the wake of the data breach at issue in this litigation. Defendants oppose the motion (Dkt. No. 96), claiming that the Mandiant report was created to inform legal counsel and litigation strategy and is therefore privileged and protected work product. Having considered the arguments of counsel and reviewed plaintiffs' motion, defendants' opposition, and plaintiffs' reply in support of the motion, (Dkt. No. 98), the Court will grant plaintiffs' motion for the reasons that follow.

I. Background

Beginning in August 2010 and continuing through April 2019, plaintiffs allege that hackers gained access to Dominion National's databases and were able to access personal, financial, and medical information of current and former customers. Pl. Compl. (Dkt. No. 1) at ¶ 2. This information included names, addresses, email addresses, dates of birth, Social Security and taxpayer ID numbers, member ID numbers, and other protected health [**3]  information. Id. Dominion National defendants discovered the data breach on April 24, 2019, following an investigation of an internal data security alert on April 17, 2019. (Dkt. No. 96) 2.

According to letters sent to the customers of Providence Health Plan on August 20, 2019, Dominion National advised that "[o]n April 24, 2019, through our investigation of an internal alert, with the assistance of a leading cybersecurity firm, we determined that an unauthorized party may have accessed some of our computer servers." (Dkt. No 93-3). Defendants conceded at oral argument that the "leading cybersecurity firm" referenced in the letter is Mandiant. (Oral Argument at 11:08).¹

Notably, defendants' relationship with Mandiant began far before the data breach was discovered. Beginning no later than August 1, 2016,² defendants hired Mandiant to investigate, prevent, and remediate data breaches. (Dkt. No. 98) 1. On June 19, 2018, almost one year before the discovery of the data breach in this case, defendants, Mandiant, and BakerHostetler LLP executed a statement of work agreement. (Dkt. No. 98-1). This document contemplates incident response services, including: "computer incident response support, [**4]  digital forensics support, advanced threat actor support, and advanced threat/incident assistance." Id. at 1. The document  [*192]  also enumerates deliverables, which include incident response service status reporting, an incident response final report (including "recommendations for remediation in a written detailed technical document"), and an incident response executive briefing. Id. at 2. As noted above, Dominion received an internal alert regarding a potential intrusion of its computer systems on April 17, 2019, (Dkt. No. 96) 2, yet nothing in the record reflects that the June 2018 statement of work had expired prior to that date.

Full case includes Shepard's, Headnotes, Legal Analytics from Lex Machina, and more.