Florida health system hit with proposed class-action lawsuit over data breach

A Florida resident has brought a lawsuit versus UF Well being Central Florida right after a details breach perhaps uncovered the information and facts of extra than seven-hundred,000 individuals.

In accordance to the complaint, which was eliminated to the U.S. District Courtroom for the Middle District of Florida this previous Thursday, Chrystal Holmes is accusing the process of failing to adequately protected and safeguard individually identifiable information and facts.  

“Inspite of the prevalence of public announcements of details breach and details protection compromises, UFHCF unsuccessful to acquire appropriate ways to shield the PII and PHI of [the] plaintiff and the proposed class from currently being compromised,” study court files.  

Attempts to reach UFHCF for remark were being not prosperous.

WHY IT Matters  

As claimed to the U.S. Department of Well being and Human Services’ Place of work of Civil Legal rights, UFHCF professional a hacking incident earlier this year top to the probable publicity of seven-hundred,981 individuals’ details.

Among May possibly 29 and May possibly 31, negative actors obtained unauthorized access to UFHCF’s computer network.  

For the duration of that time period, reported a recognize posted to the UFHCF web-site at the close of July, patient information and facts – including names, addresses, dates of start, Social Stability figures, health insurance information and facts, clinical report figures and patient account figures, as effectively as restricted therapy information and facts utilised for UF Health’s business enterprise operations – may have been accessible.  

“Until finally notified of the breach,” Holmes and the other afflicted individuals in the proposed class “experienced no idea their PII and PHI experienced been compromised, and that they were being, and keep on to be, at important risk of identity theft and various other sorts of personal, social and monetary harm,” study the complaint. 

“The risk will continue being for their respective lifetimes,” it ongoing.  

In accordance to court files, the reality that the incident took put implies that UFHCF experienced not adhered to rigorous protection protocols, including these proposed by the U.S. government.  

“The incidence of the cybersecurity celebration indicates that defendants unsuccessful to sufficiently apply … actions to avert ransomware assaults,” reported the complaint.  

Holmes, by her lawyers, argues that the information and facts compromised in the cybersecurity celebration is “significantly extra worthwhile” than credit history card information and facts.   

As an alternative, personal information and facts this sort of as title, handle, day of start and Social Stability amount “is unachievable to ‘close’ and tricky, if not unachievable, to adjust,” study court files.  

Holmes is accusing UFHCF of negligence, breach of deal and breach of fiduciary duty.  

“Plaintiff and class customers have a continuing desire in making sure that their information and facts is and stays protected, and they must be entitled to injunctive and other equitable aid,” argued the complaint.  

THE Bigger Craze  

Numerous of the big cybersecurity incidents above the previous year have been adopted by lawsuits accusing healthcare corporations of failing to sufficiently shield patient information and facts.  

Before this year, Scripps Well being in San Diego faced a number of complaints right after a ransomware incident led to a enormous network shutdown.  

And in September, a most cancers patient sued UC San Diego Well being above a protection breach that perhaps uncovered the private information and facts of 495,949 people.  

ON THE Record  

“The ramifications of UFHCF’s failure to keep protected UFHCF’s present and former patients’ PII and PHI are extensive long lasting and severe,” reported the complaint. “Once PII and PHI is stolen, specifically Social Stability figures, fraudulent use of that information and facts and harm to victims may keep on for several years.”

Kat Jercich is senior editor of Health care IT News.
Twitter: @kjercich
Email: [email protected]
Health care IT News is a HIMSS Media publication.