Health Data Breaches
The healthcare industry has become a frequent victim of various cyber attacks in an attempt to steal patient data. Health data stolen in these attacks are frequently sold on the dark web and used for fraud. Because of this, the monthly average of class actions lawsuits filed against these companies has roughly doubled in the past year. Greater reliance on technology in the healthcare industry could lead to an increased risk of data breaches. Large healthcare providers make for good targets because of their willingness to pay a ransom to facilitate the data’s return. Certain regulations apply to the healthcare industry which mandate the release of breach notifications to those parties affected. As a result, plaintiff attorneys are able to quickly identify these large security breaches and pull together members of the class.
Building the Class
Greater than 41 million people have had their data exposed as a result of these cyber attacks this year alone. Subsequently, those who have had their data exposed have come together to seek potential restitution for this exposure. Through the formation of classes, the victims stand together in solidarity to work to recover their relevant damages. Consequently, these classes assert claims of negligence against the healthcare providers, claiming a breach of the duty of privacy established by HIPAA. Classes of plaintiffs may even begin to expand as new laws and regulations make their way through bureaucracies.
Expansion of the Universe
These class actions may grow even wider should the Federal Trade Commission continue their work on a new proposal. This proposal would seek to require healthcare providers not subject to HIPAA to report these data breaches. Consequently, the universe of class members would increase significantly, potentially increasing the settlement amounts with it. Additionally, the growing concern for privacy among consumers leads more victims to seek protection through the use of litigation. The plaintiffs seek a swift resolution, however the courts have often failed to adequately provide dispositive resolutions of law.
Resolution of the Claims
These data breach cases provide for several open questions of law which must be answered to swiftly resolve them en masse. For example, was the harm suffered by the plaintiffs even a direct result of the breach. Until courts rule on these questions of law, classes and settlements alike will continue to expand out of control.