At least two class action lawsuits have now been filed against hospital chain Community Health Systems following hacking attacks that compromised HIPAA-protected information for 4.5 million patients.

CHS, with 206 hospitals in 29 states, in mid-August disclosed that its computer network had been hacked in April and June 2014, likely by a ring of hackers in China.  Breached data included Social Security numbers, names, addresses, birth dates and telephone numbers. The organization offered affected patients one year of paid identity protection services.

In August, the Alabama law firm Stewart & Stewart filed a class action lawsuit on behalf of five Alabama residents and the entire class of patients affected by the breach. Now, two law firms, Slack & Davis in Texas and The Branch Law Firm in New Mexico, have filed suit requesting class action status for a specific patient, Briana Brito of San Miguel County, as well as affected patients in the state and elsewhere.

“As a result of Defendants’ failure to implement and follow basic security procedures, Plaintiffs’ sensitive information is now in the hands of thieves,” the lawsuit contends. “Plaintiffs now face a substantial increased risk of identity theft, if not actual identity theft. Consequently, Defendants’ patients and former patients will have to spend significant time and money to protect themselves.”

In recent months, courts have made it more difficult for plaintiffs to win healthcare breach lawsuits without proof of actual harm having been incurred. However, the New Mexico lawsuit against Community Health System might have a back door if the first argument alleging risk of identity theft does not prevail. The suit also alleges that plaintiff Brito received a “diminished value” of the services she paid CHS to provide.

“Plaintiff contracted for services that included a guarantee by Defendants to safeguard her personal information and, instead, Plaintiff received services devoid of these very important protections,” according to the lawsuit. “Accordingly, Plaintiff alleges claims for breach of contract, unjust enrichment, money had and received, negligence, negligence per se, violation of the New Mexico Unfair Trade Practices Act, and breach of confidence.”

Register or login for access to this item and much more

All Health Data Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access