HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Roper St. Francis Healthcare Faces Class Action Lawsuit Over Data Breach

Roper St Francis Healthcare is facing a class action lawsuit over an October 2020 data breach in which patient data was allegedly stolen. The lawsuit alleges negligence for the failure to protect the private data of its patients.

Between October 14 and 29, 2020, unauthorized individuals gained access to the email accounts of three of its employees. Those accounts contained the protected health information of around 190,000 patients. PHI in the compromised email accounts included financial and medical information.

This was far from the only data breach to have affected Roper St. Francis Healthcare in the past 18 months. Prior to the October 2020 phishing attack, Roper St. Francis reported two data breaches in September, one of which was a phishing attack that affected 6,000 individuals and the other was a ransomware attack on its vendor Blackbaud, which affected around 92,963 Roper St. Francis patients. Prior to those breaches, a breach was reported on January 29, 2010 as affecting 35,253 individuals.

According to the lawsuit, “At all relevant times, Roper knew the data it stored was vulnerable to cyberattack based upon these repeated and ongoing data breaches.”

Get The Checklist

Free and Immediate Download
HIPAA Compliance Checklist

Delivered via email so verify your email address is correct.

Your Privacy Respected

HIPAA Journal Privacy Policy

The lawsuit, which was filed by The Richter Firm, The Solomon Law Group, Slotchiver & Slotchiver, LLC and Brent Souther Halversen, LLC, seeks economic and non-economic damages for the plaintiff and class members, compensatory, consequential, and actual damages, statutory and injunctive relief, punitive damages, and reimbursement for interest, costs, and reasonable attorneys’ fees.

“We merely seek to hold Roper accountable for its continued negligent actions in allowing these preventable data breaches from happening and to compensate current and former patients for the harm inflicted,” said Attorney Brent Halversen. “We seek to provide all patients whose private data was compromised credit monitoring services as partial compensation for the harm each has suffered, not just the hand full that Roper thinks are the worst cases.”

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.