DataBreaches.Net

Class action lawsuits following breaches in the medical sector: do they help or make things worse?

Posted on January 28, 2023 by Dissent

In their predictions for 2023, the very first prediction by Mary T. Costigan, Jason C. Gavejian & Joseph J. Lazzarotti of JacksonLewis involved healthcare and medical data security and tracking:

2023 will see a significant increase in the number of lawsuits and perhaps OCR compliance reviews relating to medical information privacy and HIPAA, including new developments such as pixel and other tracking technologies. We will see more regulation of health apps and websites as the necessities and advantages of remote health care that were brought by the pandemic are considered further.

DataBreaches concurs in their prediction about a significant increase in the number of lawsuits. As to compliance reviews, they may increase, but DataBreaches is not optimistic that enforcement actions will actually increase, although we certainly hope they will.

But the lawsuits have already been increasing dramatically in the past few years, it seems. If memory hasn’t totally failed me, it used to take years before a lawsuit stemming from a healthcare entity data breach would settle. Nowadays, there seems to be a much shorter time frame from breach disclosure to lawsuit filed to settlement.

The following are just a few of the many potential class action lawsuits filed or settled recently. In most of these lawsuits, plaintiffs generally are not alleging any concrete harm such as identity theft or fraud. And of course, in all of the settlements, the defendants deny any and all allegations but state that they are settling to avoid the costs of litigation, etc.

But do these lawsuits promote better data security? Do entities actually think, “Whoa, we’d better invest more in protecting data and monitoring business associates or we’ll get sued like they did?” Or do they think that their insurance will cover most litigation expenses and that is still cheaper than the cost of developing and implementing better data security?

Read more about some of the lawsuits, below, and see what you think.

Katherine Shaw Bethea Hospital: $380k Settlement

Katherine Shaw Bethea Hospital agreed to pay $380,000 to resolve claims it failed to prevent a data breach in September 2021. If you do not remember that incident at all, it involved the disclosure of patient information to other patients via mailings and an online portal. Notifications were made by Magnet Solutions, and the incident was reported to HHS as affecting 1,553 patients. The case was Doe, et al. v. Katherine Shaw Bethea Hospital, et al., Case No. 2021L00026, in the Circuit Court of Illinois for the 15th Judicial Circuit, and the settlement site is KSBSettlement.com. It does not appear to include any provisions for any enhancements in security or monitoring or auditing of business associates or data protection. Read more at TopClassActions.

Logan Health Medical Center: $4.3m Settlement

Logan Health Medical Center settled claims stemming from a 2021 hacking incident that potentially affected 213,543 patients and employees. This was the second breach-related lawsuit settled by the Montana provider in less than three years. Prior to rebranding from Kalispell Regional Healthcare in May 2021, the health system reported an undetected phishing attack in 2019 that led to a monthslong data compromise for 130,000 patients.

This case is Tafelski, et al. v. Logan Health Medical Center, Case No. ADV-22-0108 in the Montana 8th Judicial District Court for Cascade County. The settlement site is loganhealthsettlement.com. Read more at TopClassActions.

Paragraph 68 of the settlement reads:

Business Practice Changes. Logan Health agrees to provide Class Counsel information concerning the remedial actions that it has taken, began or planned since the Data Security Incident as part of its ongoing efforts, to enhance, improve, and strengthen its cybersecurity training and awareness programs, data security policies, security measures, restrictions to accessing Personal Information, and its monitoring and response capabilities.

No other references were found in the settlement agreement to any specific improvements or changes in security measures.

San Andreas Regional Center: Undisclosed Amount

According to plaintiffs in the class action lawsuit, San Andreas Regional Center failed to protect consumer data through reasonable cybersecurity measures. The center reported experiencing a ransomware attack in July 2021 that affected more than 57,000 patients.

The case is Lopez, et al. v. San Andreas Regional Center, Case No. 21CV386748, in the California Superior Court for Santa Clara County. The settlement site is sarcdatasettlement.com. Read more at TopClassActions.

Paragraph of the settlement agreement reads:

Remedial Measures/Security Enhancements. Plaintiffs have received assurances that SARC has implemented or will implement certain reasonable steps to adequately secure its systems and environments, including taking the steps listed in Exhibit 1 to Plaintiffs’ Unopposed Motion for Preliminary Approval of Class Action Settlement (the confidential declaration agreed SARC will pay costs associated with these security-related measures separate and apart from the other settlement benefits described in this Settlement Agreement. Exhibit 1 will be filed under seal.

Well, that sounds a bit more hopeful.

As to the lawyers’ predictions about lawsuits stemming from Meta pixel tracking, a number of those have already been filed, and DataBreaches anticipates many more will be filed. A recent filing, Doe v. The Christ Hospital in Ohio, is somewhat more detailed than many lawsuits, as it includes images of highlighted source code showing the problems.

 

Category: Breach Incidents, Commentaries and Analyses, Exposure, Hack, Health Data, Malware, U.S.
