A Florida resident has brought a lawsuit in opposition to UF Well being Central Florida immediately after a details breach potentially uncovered the data of much more than 700,000 people.
According to the criticism, which was taken out to the U.S. District Courtroom for the Middle District of Florida this past Thursday, Chrystal Holmes is accusing the program of failing to adequately secure and safeguard individually identifiable data.
“Irrespective of the prevalence of public announcements of details breach and details security compromises, UFHCF unsuccessful to choose correct ways to secure the PII and PHI of [the] plaintiff and the proposed course from being compromised,” browse courtroom files.
Attempts to arrive at UFHCF for remark ended up not prosperous.
WHY IT Issues
As reported to the U.S. Office of Well being and Human Services’ Place of work of Civil Legal rights, UFHCF seasoned a hacking incident before this year major to the potential exposure of 700,981 individuals’ details.
Between May perhaps 29 and May perhaps 31, terrible actors gained unauthorized entry to UFHCF’s computer system network.
During that period of time, said a recognize posted to the UFHCF web site at the close of July, affected individual data – which includes names, addresses, dates of beginning, Social Safety quantities, health coverage data, medical record quantities and affected individual account quantities, as properly as minimal therapy data used for UF Health’s business enterprise functions – may possibly have been accessible.
“Until eventually notified of the breach,” Holmes and the other afflicted people in the proposed course “had no thought their PII and PHI had been compromised, and that they ended up, and go on to be, at sizeable danger of identification theft and various other forms of personal, social and economic hurt,” browse the criticism.
“The danger will continue to be for their respective lifetimes,” it ongoing.
According to courtroom files, the simple fact that the incident took spot suggests that UFHCF had not adhered to rigorous security protocols, which includes people proposed by the U.S. governing administration.
“The event of the cybersecurity event signifies that defendants unsuccessful to sufficiently apply … measures to avoid ransomware assaults,” said the criticism.
Holmes, via her lawyers, argues that the data compromised in the cybersecurity event is “considerably much more worthwhile” than credit card data.
Rather, personal data these types of as identify, deal with, date of beginning and Social Safety selection “is unattainable to ‘close’ and tough, if not unattainable, to adjust,” browse courtroom files.
Holmes is accusing UFHCF of negligence, breach of contract and breach of fiduciary responsibility.
“Plaintiff and course users have a continuing curiosity in guaranteeing that their data is and stays safe, and they really should be entitled to injunctive and other equitable aid,” argued the criticism.
THE Greater Pattern
A lot of of the major cybersecurity incidents around the past year have been followed by lawsuits accusing health care businesses of failing to sufficiently secure affected individual data.
Previously this year, Scripps Well being in San Diego faced many complaints immediately after a ransomware incident led to a huge network shutdown.
And in September, a most cancers affected individual sued UC San Diego Well being around a security breach that potentially uncovered the personal data of 495,949 sufferers.
ON THE Document
“The ramifications of UFHCF’s failure to preserve secure UFHCF’s existing and former patients’ PII and PHI are lengthy long lasting and intense,” said the criticism. “Once PII and PHI is stolen, significantly Social Safety quantities, fraudulent use of that data and injury to victims may possibly go on for many years.”
Kat Jercich is senior editor of Health care IT Information.
Electronic mail: [email protected]
Health care IT Information is a HIMSS Media publication.