08/12/2021

Tannochbrae

Built Business Tough

Florida health system hit with proposed class-action lawsuit over data breach

A Florida resident has introduced a lawsuit from UF Health Central Florida just after a details breach possibly uncovered the information and facts of extra than seven-hundred,000 people today.

In accordance to the criticism, which was taken out to the U.S. District Court docket for the Middle District of Florida this past Thursday, Chrystal Holmes is accusing the program of failing to adequately safe and safeguard individually identifiable information and facts.  

“Despite the prevalence of general public bulletins of details breach and details stability compromises, UFHCF unsuccessful to take proper steps to protect the PII and PHI of [the] plaintiff and the proposed class from becoming compromised,” go through court files.  

Attempts to attain UFHCF for remark were being not effective.

WHY IT Issues  

As reported to the U.S. Division of Health and Human Services’ Business of Civil Legal rights, UFHCF knowledgeable a hacking incident before this calendar year foremost to the probable exposure of seven-hundred,981 individuals’ details.

Among May 29 and May 31, lousy actors received unauthorized obtain to UFHCF’s personal computer network.  

During that time period, stated a discover posted to the UFHCF web page at the close of July, client information and facts – such as names, addresses, dates of start, Social Safety numbers, wellness coverage information and facts, professional medical report numbers and client account numbers, as very well as restricted cure information and facts utilised for UF Health’s business functions – may perhaps have been obtainable.  

“Until notified of the breach,” Holmes and the other influenced people today in the proposed class “experienced no idea their PII and PHI experienced been compromised, and that they were being, and carry on to be, at major risk of id theft and several other sorts of private, social and economical harm,” go through the criticism. 

“The risk will continue to be for their respective lifetimes,” it continued.  

In accordance to court files, the reality that the incident took location indicates that UFHCF experienced not adhered to demanding stability protocols, such as people encouraged by the U.S. authorities.  

“The prevalence of the cybersecurity event signifies that defendants unsuccessful to adequately put into action … actions to protect against ransomware attacks,” stated the criticism.  

Holmes, through her legal professionals, argues that the information and facts compromised in the cybersecurity event is “substantially extra precious” than credit rating card information and facts.   

Rather, private information and facts these types of as title, address, day of start and Social Safety range “is unachievable to ‘close’ and tough, if not unachievable, to adjust,” go through court files.  

Holmes is accusing UFHCF of carelessness, breach of deal and breach of fiduciary obligation.  

“Plaintiff and class associates have a continuing fascination in guaranteeing that their information and facts is and stays safe and sound, and they really should be entitled to injunctive and other equitable reduction,” argued the criticism.  

THE Greater Development  

Many of the big cybersecurity incidents more than the past calendar year have been adopted by lawsuits accusing health care corporations of failing to adequately protect client information and facts.  

Earlier this calendar year, Scripps Health in San Diego faced a number of problems just after a ransomware incident led to a huge network shutdown.  

And in September, a cancer client sued UC San Diego Health more than a stability breach that possibly uncovered the personal information and facts of 495,949 people.  

ON THE History  

“The ramifications of UFHCF’s failure to hold safe UFHCF’s present-day and previous patients’ PII and PHI are long long lasting and severe,” stated the criticism. “The moment PII and PHI is stolen, specifically Social Safety numbers, fraudulent use of that information and facts and damage to victims may perhaps carry on for years.”

Kat Jercich is senior editor of Health care IT Information.
Twitter: @kjercich
Email: [email protected]
Health care IT Information is a HIMSS Media publication.