Jim Kinney reports that the Baystate Health breach that impacted 12,000 patients has resulted in at least one potential class-action lawsuit. The suit was filed April 11 in U.S. District Court in Springfield, Massachusetts.
Lead plaintiff Aleyda Torresis of Springfield, says she is now at heightened risk for identity theft and other cybercrime, according to court papers.
Read more on SecurityInfoWatch.
Breaches involving ePHI due to employee email accounts being compromised by phishing or some other means have been one of the major sources of ePHI breaches in the past year. Keeping in mind that Baystate reports there is no evidence of any misuse of data (at least not yet) and no one is claiming that the data HAVE been misused, are people just jumping to lawsuits that are unlikely to prevail? Massachusetts amended its breach notification law to require entities to provide 18 months of credit monitoring in the event of a breach involving SSN. Some patients had Medicare or SSN numbers involved in this breach. But the amended law didn’t go into effect until days after Baystate disclosed its breach.
So what are the plaintiffs really suing for?