13 patient data breach lawsuits in the past year

Along with the uptick in cybersecurity incidents at hospitals and health systems, patients have begun to take action in response to their data potentially being mishandled. 

Here are 13 patient data breaches in the past year that have resulted in lawsuits filed by patients.

1. Four patients of different Montana hospitals filed a lawsuit last February alleging medical records company Ciox Health overcharged them for copies of their records.

2. Two patients filed a lawsuit last February against Hackensack (N.J.) Meridian Health alleging the health system failed to protect their information. In December 2019, Hackensack Meridian Health was forced to go into downtime procedures and reschedule a limited number of nonemergency procedures due to a ransomware attack. The health system ended up paying an undisclosed amount of money to gain decryption codes to restore its computer network.

3. Several patients involved in a data breach at Seattle-based UW Medicine sued the academic medical center last February claiming their protected health information was not properly safeguarded.

4. The mother of a former patient of Ann and Robert Lurie Children's Hospital of Chicago filed a lawsuit in May against the hospital over a medical records privacy breach. The mother alleged two former Lurie Children's employees wrongfully accessed her 3-year-old daughter's medical records.

5. An Indiana Court of Appeals reinstated a patient's claim in May that a Fort Wayne-based Parkview Health System is vicariously liable for the actions of an employee who viewed the patient's medical records and wrongfully shared the information.

6. Atlanta-based pediatric health system Aveanna Healthcare was sued in June over a 2019 data breach that affected more than 166,000 patients. The health system found multiple employee email accounts had unauthorized activity between July 9 and Aug. 24, 2019, affected more than 166,000 individuals and included Social Security numbers and birth dates.

7. West Des Moines, Iowa-based UnityPoint Health agreed to settle a proposed class-action lawsuit in June for $2.8 million. The suit stems from a 2017 phishing attack and a separate 2018 data breach that affected 16,429 patients and 1.4 million individuals, respectively.

8. A Florida orthopedic practice was sued in July for $99 million over a ransomware attack that exposed patients' protected health information.

9. A federal judge in Illinois in September dismissed the class-action lawsuit against the University of Chicago Medical Center and Google, which alleged HIPAA violations.

10. A former patient of St. Louis-based BJC HealthCare filed a class-action lawsuit in September against the health system over a cybersecurity incident. In May, BJC HealthCare reported three employees' email accounts were breached on May 5 and may have exposed personal health information.

11. Franklin, Tenn.-based Community Health Systems in October agreed to pay $5 million to settle a 2014 data breach that affected about 6.1 million patients.

12. A group of patients whose medical records were inappropriately accessed by a former Mayo Clinic employee moved to file a class-action lawsuit in November against the Rochester, Minn.-based health system for failing to safeguard their data.

13. A patient's guardian sued Rady Children's Hospital in January over the 2020 Blackbaud security breach, which affected 19,788 patients of the San Diego-based hospital.


Copyright © 2024 Becker's Healthcare. All Rights Reserved. Privacy Policy. Cookie Policy. Linking and Reprinting Policy.


Featured Whitepapers

Featured Webinars