Share this article on:
The data breach at Community Health Systems which was reported in August was the second largest in history, with 4.5 million records potentially accessed by a suspected group of Chinese hackers. The successful attack and data theft has left millions of patients potentially exposed and at risk of identity theft and financial loss. The data accessed included personal information such as names, addresses, social security numbers and date of births; information the thieves can use to create fake documents and run up huge debts.
The HIPAA breach has understandably resulted in legal action being taken against CHS by some of the victims, with at least two class action lawsuits now filed against the healthcare provider and operator of 206 nationwide hospitals. A class action lawsuit has been filed by firms Slack & Davis and Branch Law Firm with Briana Brito named as the class representative. A second class action suit has been filed on behalf of 5 Alabama residents (and all others affected). Specific dollar amounts have not been stipulated and are being left to the courts to decide.
The lawsuits contend that CHS failed to implement appropriate security measures to protect the data of its patients and that its negligence in this respect allowed hackers to access its patient database.
With victims of identity theft as well as those who believe themselves to be at risk being encouraged to claim damages it is likely that more class action lawsuits will soon follow. However, recent court cases have made it clear to would be plaintiffs that actual loss or damage must have been suffered in order for damages to be applicable. Plaintiffs who have not been the victim of identity theft or suffered financial losses are not being viewed favorably by the courts.
One class action lawsuit also alleges diminished value of services as a result of the data security incident, while the slow response to the discovery of the data breach and the delay in notifying victims appears to be a major focus in the lawsuits.
This is the second major financial hit that CHS has taken this year having agreed on a $98 million settlement with the Department of Justice after irregularities were found in its billing practices. The data breach is likely to cost CHS up to $150 million in fines and lawsuits, while the effect that this year – and the data breach in particular – will have on the company’s reputation is impossible to calculate.