Multiple Class Action Lawsuits Filed Against City of Hope National Medical Center Over Data Breach
Several class action lawsuits have been filed against City of Hope National Medical Center, a National Cancer Institute (NCI)-designated cancer treatment and research center, over a recently disclosed data breach that exposed the protected health information of more than 827,000 individuals.
City of Hope National Medical Center identified suspicious activity within its network on October 13, 2023, and the forensic investigation confirmed there had been unauthorized access by a third party between September 19, 2023, and October 12, 2023. During that time, files containing patient data were exfiltrated from its network. The exposed and stolen data included contact information, Social Security numbers, driver’s license numbers, financial information, health insurance information, medical records, medical histories, diagnoses/conditions, and health insurance information. City of Hope National Medical Center issued notification letters on April 2, 2024, and offered the affected individuals complimentary credit monitoring services.
Class action lawsuits started to be filed soon after notification letters were mailed. The lawsuits make similar claims, that City of Hope National Medical Center failed to implement reasonable and appropriate cybersecurity safeguards, did not follow industry best practices for cybersecurity, and that the cyberattack that exposed their sensitive data could have been prevented. The plaintiffs allege that City of Hope National Medical Center should have been aware that it was a likely target for cybercriminals due to the high value of healthcare data on the black market and numerous warnings from federal agencies about the high risk of cyberattacks on the sector. The plaintiffs also allege an unnecessary delay in issuing notifications – five months after the cyberattack was detected.
The plaintiffs allege that injuries have been sustained as a result of the data breach. They face an imminent and increased risk of identity theft and fraud since their sensitive data is now in the hands of cybercriminals, and have and will continue to need to spend time and money protecting themselves from fraud, identity theft, and medical identity theft. At least 8 lawsuits have been filed to date in response to the data breach that make claims of negligence, breach of fiduciary duty, breach of implied contract, and invasion of privacy. The lawsuits seek class action certification, a jury trial, damages, and injunctive relief.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy