Every time there’s a big breach that has consumers or patients outraged, I see rumblings in the Comments section of posts about class-action lawsuits. An article by John Devine, Edward McAndrew, and Gregory Szewczy of Ballard Spahr about a recent opinion in District Court for the D.C. Circuit is a timely reminder of the uphill battle plaintiffs may…
Category: Commentaries and Analyses
California dentist notifies patients of backup drive stolen from car
Why are we still reading reports of devices with unencrypted patient information being stolen from providers’ unattended vehicles? This is the second report this month I’ve read like this. And while it’s one thing to inform patients that you believe the device was stolen for commercial value and not contents, does this letter go too far…
Athens Orthopedic Clinic incident response leaves patients in the dark and out of pocket for protection
On June 26, after learning that databases with patients’ protected health information had been put up for sale on the dark web, DataBreaches.net began investigating and trying to alert the victim entities so that they could take immediate steps to try to mitigate harm to patients. By that evening, I had sent an email to Athens Orthopedic…
Axing Boss Is Data Breach Response Last Resort
Jimmy Koo reports: Scapegoating the boss over a cybersecurity incident that compromises customer data or reveals unsavory internal communications usually isn’t the first option in a breach response. Data breaches may result in consumer class actions, organizational embarrassment, a drop in the price of a company’s stock and brand reputation damage, but top executives generally…
Why We Should Score Data Breaches
Dan Munro had an interesting conversation with Jeff Williams of Contrast Security at BlackHat, which led to a draft scoring system for data breaches and corporate responses: Tone – Is the announcement apologetic and not blaming? Does it acknowledge that there should have been better defenses and that the breach should have been detected and been…
Hold On, You Didn’t Overpay for That: Courts Address New “Overpayment” Theory from Plaintiffs in Data Breach Cases
Andrew C. Glass, David D. Christensen and Matthew N. Lowe of K&L Gates write: With the ever-increasing amount of personal information stored online, it is unsurprising that data breach litigation has become increasingly common. A critical issue in nearly all data breach litigation is whether a plaintiff has standing to pursue claims—especially where there is…