Logan Health Facing Class Action Lawsuit Over Data Breach

What is a HIPAA Subpoena

Share this article on:

Legal action is being taken against Logan Health and subsidiary, sister, and related entities over a data breach that occurred in 2021 and affected 213,543 Logan Health Medical Center patients.

The class action lawsuit was filed in the U.S. District Court for the District of Montana Great Falls Division by law firm Heenan & Cook on behalf of plaintiff Allison Smeltz and all similarly affected individuals over the alleged failure of the health system to protect the plaintiff’s and class members’ sensitive personal information.

The data breach in question was reported by Logan Health in February 2022, with its investigation confirming unauthorized individuals had access to its system between November 18, 2021, and November 22, 2021. Hackers gained access to a single file server housing files that contained patients’ protected health information such as names, contact information, insurance claim information, date(s) of service, medical bill account number, and health insurance informa­tion. Logan Health said it had found no evidence of misuse of patient data, offered affected individuals complimentary credit monitoring and identity protection services, and said it is implementing additional measures to prevent similar data breaches.

According to the lawsuit, the cyberattack and data breach were due to the failure of Logan Health to “implement adequate and reasonable training of employees and/or procedures and protocols,” and claims Logan Health and the other defendants should have been aware of the value of protected health information to hackers and the risk of data breaches, given the number of breaches now being reported and the warnings from Federal agencies to the healthcare industry.

The lawsuit points out that data breach was one of several to have affected Logan Health. Logan Health reported another breach in January 2021 that affected 2,081 Montanans, and another in 2019 that affected 126.805 Montanans when Logan Health was operating as Kalispell Regional Healthcare.

The lawsuit claims that as a direct result of the failure to prevent the data breach, victims have suffered and will continue to suffer damages, including the compromise, publication, theft and/or unauthorized use of their PII/PHI, out-of-pocket costs from the prevention, detection, recovery, and remediation from identity theft or fraud, lost opportunity costs and lost wages, and the continued risk to their PII/PHI from the failure of Logan Health to implement appropriate safeguards to protect against data breaches.

The lawsuit cites several causes of action, including negligence, invasion of privacy, breach of implied contract, unjust enrichment, and violations of the Montana Consumer Protection Act, and alleges Logan Health had failed to comply with the requirements of the Health Insurance Portability and Accountability Act (HIPAA).

The lawsuit seeks class action status, a jury trial, injunctive relief, compensatory, statutory, and punitive damages, and attorneys’ fees.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.

Share This Post On