HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Healthcare Industry Tops List for Class Action Data Breach Lawsuits

In 2016, the healthcare industry faced the most class-action data breach lawsuits, according to a new analysis of data breach lawsuits by the law firm, Bryan Cave, LLP, although the risk of litigation following a breach is still relatively low.

To produce the 2017 data breach litigation report, Bryan Cave conducted a comprehensive review and analysis of all class action lawsuits filed by victims of data security breaches in 2016.

The report explains that while there is always a threat of legal action being taken by data breach victims, the risk of a company facing litigation following a data breach is fairly low due to the difficult plaintiffs have establishing an injury has been caused.

Year over year, there was a slight (7%) increase in class action lawsuits filed against companies that have experienced a data breach although there was a fall in the number of breaches that resulted in lawsuits. The report shows only 3.3% of data breaches in 2016 resulted in class action lawsuits compared to between 4%-5% in previous years.

Get The Checklist

Free and Immediate Download
of HIPAA Compliance Checklist

Delivered via email so verify your email address is correct.

Your Privacy Respected

HIPAA Journal Privacy Policy

In total, 76 class actions were filed in 2016 as a result of data breaches. Bryan Cave points out that those lawsuits were clustered around the same breaches – High-profile data breaches affecting individuals throughout the country. Out of those 76 lawsuits, there were 27 unique defendants.

The report confirms that the healthcare industry reported the most data breaches of any industry – 70% of the total – yet only 34% of class action lawsuits name healthcare organizations as the defendants. Healthcare was the leading industry for class action data breach lawsuits (26 complaints), closely followed by email providers with 33%. The figures for email service providers was heavily influenced by the disclosure of two massive data breaches by Yahoo! Restaurants were in third place with 11% of the total followed by the retail industry with 7%. Healthcare data breach lawsuits fell slightly year over year.

Lawsuits are most commonly filed following the exposure or theft of sensitive information such as Social Security numbers, medical data, health insurance information, and security Q&As – 89% of class action lawsuits resulted from data breaches where these types of information were exposed or stolen. 65% of the lawsuits alleged negligence as the primary theory.

Data breach lawsuits are most commonly filed in the Northern District of California (32%), followed by the Middle District of Florida (11%), the District of Arizona (11%), and the Western District of Pennsylvania (7%).

The 2017 Data Breach Litigation Report can be found on this link.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.