John Cleary and Shundra Crumpton Manning of Polsinelli write:
Data breach class action litigation continues to occupy center stage in the ongoing struggle to secure compensation and redress for legitimate victims of actionable cybersecurity shortcomings of data owners. The underlying scenarios in these cases encompass criminal hacking episodes, rogue employees, carelessness and unforeseen material gaps in cybersecurity and patch management. The one-size-fits-all approach to typical class actions, however, frequently places health care providers at the mercy of the plaintiff class action bar, and courts may be reluctant to dismiss or meaningfully curtail these cases in the early phases. Yet hope may be on the horizon. For example, in a new wave of cases, certain federally funded community health centers have used the Federal Tort Claims Act as an avenue for substituting the United States as the proper defendant in data breach cases.
Read more at JDSupra.