Share this article on:
In 2016, the healthcare industry faced the most class-action data breach lawsuits, according to a new analysis of data breach lawsuits by the law firm, Bryan Cave, LLP, although the risk of litigation following a breach is still relatively low.
To produce the 2017 data breach litigation report, Bryan Cave conducted a comprehensive review and analysis of all class action lawsuits filed by victims of data security breaches in 2016.
The report explains that while there is always a threat of legal action being taken by data breach victims, the risk of a company facing litigation following a data breach is fairly low due to the difficult plaintiffs have establishing an injury has been caused.
Year over year, there was a slight (7%) increase in class action lawsuits filed against companies that have experienced a data breach although there was a fall in the number of breaches that resulted in lawsuits. The report shows only 3.3% of data breaches in 2016 resulted in class action lawsuits compared to between 4%-5% in previous years.
In total, 76 class actions were filed in 2016 as a result of data breaches. Bryan Cave points out that those lawsuits were clustered around the same breaches – High-profile data breaches affecting individuals throughout the country. Out of those 76 lawsuits, there were 27 unique defendants.
The report confirms that the healthcare industry reported the most data breaches of any industry – 70% of the total – yet only 34% of class action lawsuits name healthcare organizations as the defendants. Healthcare was the leading industry for class action data breach lawsuits (26 complaints), closely followed by email providers with 33%. The figures for email service providers was heavily influenced by the disclosure of two massive data breaches by Yahoo! Restaurants were in third place with 11% of the total followed by the retail industry with 7%. Healthcare data breach lawsuits fell slightly year over year.
Lawsuits are most commonly filed following the exposure or theft of sensitive information such as Social Security numbers, medical data, health insurance information, and security Q&As – 89% of class action lawsuits resulted from data breaches where these types of information were exposed or stolen. 65% of the lawsuits alleged negligence as the primary theory.
Data breach lawsuits are most commonly filed in the Northern District of California (32%), followed by the Middle District of Florida (11%), the District of Arizona (11%), and the Western District of Pennsylvania (7%).