What is the risk of a possible class action against CommonSpirit?  - MedCity News

Cheers to CommonSpiritone of the nation’s largest health systems is facing a proposal class action court trial because of a ransomware attack it suffered last fall.

How dangerous this is for an already strained healthcare system challenging finances? At least one lawyer believes that, like many lawsuits after a data breach, it will be settled out of court.

“It’s almost axiomatic,” said David Balser, a partner at the Atlanta law firm King & Spalding. “If a data breach is declared, a lawsuit will follow – whether the claims are valid or not.”

This litigation is being conducted by Leeroy Perkins, who is one of 623,774 patients notified by the health system that their data was compromised in a ransomware attack. Perkins filed the complaint on December 29 against CommonSpirit, a nonprofit health system headquartered in Chicago. Perkins was a patient in Seattle Virginia Mason Franciscan Healthone of the subsidiaries of CommonSpirit, since 2003.

CommonSpirit operates 140 hospitals and more than 1,000 care locations in 21 states, according to its website. The health system is unresponsive MedCity News” request for comment on the case.

An unauthorized third party gained access to “certain portions of the CommonSpirit network” from September 16 to October 3, according to notice the health system publicizes the data breach. During this time CommonSpirit experienced Stay in the EHR and suffer cancellations of appointments in the network of hospitals.

The disclosed patient information included names, addresses, phone numbers, dates of birth and “a unique identifier used only internally by the organization,” according to CommonSpirit’s notice. The health system said there was “no evidence” that any of that personal information was misused as a result of the cybersecurity incident.

The lawsuit alleges that the health system “failed to properly implement basic data security practices” and did not “implement reasonable and appropriate measures” to protect against unauthorized access to patient data. The complaint also says this negligence left patients vulnerable to identifying theft and financial fraud.

In his complaint, Perkins sought class action status. He also sought damages, restitution, all other forms of equitable monetary relief, as well as declaratory and injunctive relief.

However, the majority of hospital data breach lawsuits are settled, Balser announced. That’s because there has to be “some specific harm or injury” for the case to go to court, he said.

The mere fact that information was accessed by ransomware attackers does not automatically create a claim for a plaintiff, Balser pointed out. He also said health systems typically have insurance that will begin to cover data breach claims.

Last year, Balser represented Capital One in a data breach lawsuit. The company faced a lawsuit over a 2019 data breach that exposed the information of more than 100 million customers, and the banking giant eventually issued $190 million class action settlement. Balser said that to his knowledge, this case has gone further than any other data breach case. It went all the way through class certification and summary judgment, but the case decided before the court could advance any of those claims.

“After all, there is no data breach case that I know of that has gone to court. Either the defendant will throw out the case or it will be resolved,” he said.

Photo: Valery Evlakhov, Getty Images

Source link

Leave a Reply

Your email address will not be published. Required fields are marked *