DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Horizon Blue Cross Blue Shield loses round in data breach litigation

Posted on January 21, 2017 by Dissent
  • Disclosure of personal information, even without demonstration of misuse of the information, creates de facto injury under FCRA
  • Court vacates and remands

Justia provides a summary of an opinion issued by the Court of Appeals for the Third Circuit that revives a potential class action lawsuit again a New Jersey health insurer.

The litigation stemmed from a breach in November, 2013 when two laptops with almost 840,000 members’ personally identifiable information were stolen from Horizon’s offices in New Jersey.

In addition to spawning litigation, the breach also contributed to the enactment of legislation in New Jersey requiring encryption of protected health information.

Not surprisingly for the time, in 2015, the lower court dismissed litigation against Horizon, finding that the plaintiffs had not established standing solely by virtue of their data having been stolen. The plaintiffs, who had sued under the Fair Credit Reporting Act (FCRA) and state laws, appealed.

Now, the Court of Appeals holds that the plaintiffs have demonstrated an injury sufficient for Article III standing under FCRA, and vacates the dismissal and remands.

In re: Horizon Healthcare Inc. Data Breach Litigation, No. 15-2309 (3d Cir. 2017)

Horizon Blue Cross Blue Shield provides health insurance products and services to approximately 3.7 million members. Two laptop computers, containing sensitive personal information about members, were stolen from Horizon. Four plaintiffs filed suit on behalf of themselves and other Horizon customers whose personal information was stored on those laptops, alleging willful and negligent violations of the Fair Credit Reporting Act (FCRA), 15 U.S.C. 1681, and numerous violations of state law. The district court dismissed the suit for lack of Article III standing. According to the court, none of the plaintiffs had claimed a cognizable injury because, although their personal information had been stolen, none of them had adequately alleged that the information was actually used to their detriment. The Third Circuit vacated. In light of the congressional decision to create a remedy for the unauthorized transfer of personal information, a violation of FCRA gives rise to an injury sufficient for Article III standing purposes. Even without evidence that the plaintiffs’ information was in fact used improperly, the alleged disclosure of their personal information created a de facto injury.

You can access the full opinion on Justia.

 

Category: Health DataOf NoteTheftU.S.

Post navigation

← Ohio State Veterinary Medical Center at Dublin hit with possible data breach
TriHealth notifies 1,126 patients after software glitch sends statements to old addresses →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Nigerian National Sentenced To More Than Five Years For Hacking, Fraud, And Identity Theft Scheme
  • Data breach of patient info ends in firing of Miami hospital employee
  • Texas DOT investigates breach of crash report records, sends notification letters
  • PowerSchool hacker pleads guilty, released on personal recognizance bond
  • Rewards for Justice offers $10M reward for info on RedLine developer or RedLine’s use by foreign governments
  • New evidence links long-running hacking group to Indian government
  • Zaporizhzhia Cyber ​​Police Exposes Hacker Who Caused Millions in Losses to Victims by Mining Cryptocurrency
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Google: Hackers target Salesforce accounts in data extortion attacks
  • The US Grid Attack Looming on the Horizon

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • California county accused of using drones to spy on residents
  • How the FBI Sought a Warrant to Search Instagram of Columbia Student Protesters
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Malaysia enacts data sharing rules for public sector
  • U.S. Enacts Take It Down Act
  • 23andMe Bankruptcy Judge Ponders Trump Bill’s Injunction Impact
  • Hell No: The ODNI Wants to Make it Easier for the Government to Buy Your Data Without Warrant

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.