Healthcare providers are responsible for guarding the health and well-being of their patients. Still, they also have an essential duty to protect the personal information they collect in the process.
And precisely because doctors’ offices, hospitals, and other health service providers handle so much personal information, they can be the target of attacks by cybercriminals. These attacks have been on the rise, and businesses of all kinds need to take steps to protect themselves and their clients and respond appropriately when a breach occurs.
A recent reminder came when a New Jersey company was hit with a class action suit after a data breach occurred in which patients’ personal data was exposed online, leaving them vulnerable to identity theft.
The class action suit
The company in question is Capital Health Systems, which owns hospitals in Trenton and Hopewell, New Jersey. It announced on November 29th that its data network had been targeted in a cyberattack, according to a suit filed on behalf of a putative class of individuals by the law firm Kopelowitz Ostrow Ferguson Weiselberg Gilbert.
While Capital Health Systems allegedly failed to notify its patients of the data breach, some have already experienced repercussions. The only person named in the suit is a longstanding patient who has undergone treatments and surgeries at Capital Health Systems facilities and claims to have suffered losses due to the breach.
The plaintiff and class representative claim to have experienced “damage and diminution in the value of private information, a form of property that Capital Health acquired from him; violation of privacy rights; and present, imminent and impending injury arising from the increased risk of identity theft and fraud.”
This case is still being tried, and the outcome isn’t yet known, but it points to a serious liability for this company. CHS could be on the line for significant penalties and legal fees, which should concern all healthcare providers who handle sensitive patient information.
How does a data breach at a hospital take a toll on patients?
According to the suit, “Cyber-criminals can cross-reference two sources of PHI [Personal Health Information] to marry unregulated data available elsewhere to criminally stolen data with an astonishingly complete scope and degree of accuracy to assemble complete dossiers on individuals. These dossiers are known as ‘Fullz’ packages.”
Because of this vulnerability, when hospitals are hacked into by cybercriminals, class action lawsuits often result, according to Law.com.
The loss of PHI can be highly detrimental to individuals. These types of information can be broad, including but not limited to:
- Billing information
- Emails to your provider’s office about a prescription
- Appointment scheduling confirmation with your doctor’s office
- A CT scan results
- Blood test results
- Phone records
Therefore, businesses, including healthcare providers, are responsible for guarding it from exposure, loss, and misuse. It’s always recommended that these facilities follow data security best practices and have a comprehensive plan to respond to cyber threats, including regular data security audits.
If a data breach occurs, companies must take swift action and engage legal counsel that can help them respond wisely to guard against lawsuits and other undesirable outcomes.
Representation is the key
Having a business attorney on your side is a proactive measure to mitigate damage after a data breach. Talking to an attorney in advance helps to avoid missteps like those of Capital Health, which didn’t immediately inform its clients of the breach.
At Stark & Stark, our knowledgeable and compassionate lawyers have a proven record of representing New Jersey Clients in wide-ranging civil and criminal lawsuits.
Contact us today to schedule a consultation.
