Charles Toutant reports:
A New Jersey hospital has been hit with six class action suits after hackers obtained patient information in a data breach.
CentraState Medical Center allegedly failed to take adequate precautions to prevent such attacks, and then compounded the error by waiting six weeks to notify plaintiffs and class members about the breach, the plaintiffs claim in court documents.
CentraState suffered a cyberattack in December 2022, and it announced the incident to affected patients beginning Feb. 10, 2023.
The breach involved data belonging to roughly 617,000 people, the suits claim.
Read more at Law.com.
From the headline, you might think that the CentraState breach must be significantly worse than other breaches to warrant so many quick lawsuits.
As far as DataBreaches can tell from what has been revealed so far, nothing is notably different about this incident compared to other ransomware incidents. And although plaintiffs complain that it took six weeks for CentraState to notify them, that time frame is significantly faster than most entities under similar circumstances.
DataBreaches is not trying to minimize the risk of ID theft or fraud or the harm/pain of dealing with a breach but laments that it seems like a slew of lawsuits immediately follows any breach these days. In some cases, litigation may seem warranted — as when the entity has not been forthcoming about data being exfiltrated and leaked on the internet or when the entity’s notification to patients was sent months after patient data had already appeared on the internet. But if all we know is there was an incident that the entity reported timely to regulators and patients, why the rush to sue?
And do the patients who are named plaintiffs stop using those doctors or hospitals that they allege are so negligent, etc.?