DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Mayo Clinic faces lawsuit in breach of patients’ health records

Posted on November 7, 2020 by Dissent

Not surprisingly, Mayo Clinic is facing a lawsuit over an insider-wrongdoing (snooping) breach that was disclosed last month. Jim Spencer reports:

Patients whose medical records were improperly accessed by a former Mayo Clinic employee are attempting to mount a class-action lawsuit against the health care provider for failing to protect their sensitive personal data.

The lead plaintiff, Olga Ryabchuk, was one of more than 1,600 patients, including more than 1,000 from Minnesota, who had their medical records examined by a former Mayo health care worker who had no right to look at them, according to a complaint filed Friday in Olmsted County District Court.

Read more on StarTribune.

Insider snooping — often out of curiosity but also often concerning an employee’s relatives, friends, or exes — is a long-standing problem and risk. Employees across different services and departments need access to records for patient care, and figuring out what is legitimate access vs. unnecessary access is challenging. Several firms, including one DataBreaches.net collaborates with — Protenus — provide software solutions plus training programs to help entities monitor and reduce inappropriate access.  But can patients successfully sue for violations?  Look at what Spencer reports in the current case:

[the plaintiff] Ryabchuk claims violation of the Minnesota Health Records Act, which forbids unauthorized access to medical records. She also sued for invasion of privacy and emotional distress. In addition to personal information, demographic information and clinical notes, the Mayo employee allegedly looked at “images” of private parts of Ryabchuk’s body, according to the complaint.

Even assuming all that happened, does that make the clinic responsible for the actions of an inappropriate employee? We have seen a number of cases over the years where plaintiffs tried to hold medical centers or employers responsible for an employee’s behavior. Many of those suits fail because the employee was acting outside of the scope of their duties. I do not know if there have been any suits like that in Minnesota though, or what those opinions held. As always, stay tuned…. and maybe some lawyer will blog about this case so we can learn more about similar cases in Minnesota.

 

Category: Health DataInsiderU.S.

Post navigation

← UK: ‘Thousands’ of people could have had personal details in cyber attack on Sandicliffe car dealership
Ca: 2 hard drives and documents with personal health info left behind during MLHU move →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • CoinMarketCap Hacked, Scrambles to Remove Malicious Wallet Verification Popup
  • Montana Attorney General launches investigation into Lee Enterprises data breach
  • AT&T gets preliminary approval for $177 million data breach settlement
  • Aflac notifies SEC of breach suspected to be work of Scattered Spider
  • Former JBLM soldier pleads guilty to attempting to share military secrets with China
  • No, the 16 billion credentials leak is not a new data breach — a wake-up call about fake news (Updated)
  • Tonga’s health system hit by cyberattack (1)
  • Russia Expert Falls Prey to Elite Hackers Disguised as US Officials
  • Proposed class action settlement in In re Netgain Technology litigation
  • Qilin Offers “Call a lawyer” Button For Affiliates Attempting To Extort Ransoms From Victims Who Won’t Pay

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • The Markup caught 4 more states sharing personal health data with Big Tech
  • Privacy in the Big Sky State: Montana’s Consumer Privacy Law Gets Amended
  • UK Passes Data Use and Access Regulation Bill
  • Officials defend Liberal bill that would force hospitals, banks, hotels to hand over data
  • US Judge Invalidates Biden Rule Protecting Privacy for Abortions
  • DOJ’s Data Security Program: Key Compliance Considerations for Impacted Entities
  • 23andMe fined £2.31 million for failing to protect UK users’ genetic data

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.