While the healthcare industry looks at 2014 as the year to strengthen breach prevention and data protection initiatives, experts predict that healthcare breach suits will be common this year. True to that prediction, dozens of lawsuits have already been filed in the case of the Target breach, which involved the theft of two unencrypted laptop computers and affected nearly 840,000 individuals.
Adding to the number is a class action lawsuit filed against insurer Horizon Blue Cross Blue Shield of New Jersey, following a data breach that occurred late last year. This lawsuit will be one among the many breach-related suits in healthcare and other industries to be filed this year.
Horizon had notified 840,000 members about the breach incident. The affected members, whose Social Security numbers may have been compromised, are being offered free credit monitoring and identity theft protection for one year, according to the company. However, the plaintiffs in the case, Karen Pakelney and Mark Meisel, are suing the insurance company for failing to adequately secure and safeguard sensitive, personally identifiable information. They allege that the insurer acted negligently and violated the Fair Credit Reporting Act and the New Jersey Consumer Fraud Act, and they are seeking unspecified damages.
However, according to a Horizon spokesperson, the lawsuit is without merit, and the company intends to defend itself vigorously. But one thing is for sure: this lawsuit opens the floodgates to many more such breach-related lawsuits, and it can be expected that settlements in such cases could be substantial.
David Navetta of the Information Law Group points to the 2011 court ruling in favor of the payment card breach victims who were affected by the 2007 breach involving Hannaford, a grocery chain in northwestern United States. He says that the ruling in this case meant that victims of the breach could sue for damages resulting from the costs of card replacement, theft, insurance and other reasonable mitigation efforts, and emphasizes that government enforcement actions related to breaches are heating up in healthcare.
According to Navetta, breaches such as the one involving Horizon, and the recent complaint filed by the Federal Trade Commission against the medical testing firm LabMD, highlight the importance of data protection and prompt breach notification, and also bring the importance of cyber-insurance to the forefront. He points out that such cases could turn out to be very expensive to fight, and could potentially put small healthcare entities out of business. LabMD, for example, announced in January this year that its Atlanta-based medical testing lab would be winding down operations because of the cost of fighting the battle with the Federal Trade Commission over the breach case.
It does look very likely that 2014 will be the year of lawsuits for the healthcare sector, as predicted by experts. However, the most important lesson for healthcare providers to take home is that data protection and breach prevention must be taken with the utmost seriousness. Providers have to adopt comprehensive security solutions such as Aegify Security Posture Management or Aegify SecureGRC in order to identify vulnerabilities, detect threats in their systems and prevent breaches, rather than face legal action and suffer dire consequences. The in-depth certification courses offered by 4Med could further strengthen your understanding of how to remain secure and compliant.