Home Health HCA Healthcare sued for recent data breach

HCA Healthcare sued for recent data breach

by News7

Just one week after HCA Healthcare reported a data theft that affected more than 170 of its hospitals and could impact more than 11 million of its patients, the sprawling Nashville-based health system is facing a class action lawsuit for the breach.


According the lawsuit, filed in U.S District Court in Middle District of Tennessee, plaintiffs Gary Silvers and Richard Marous, two HCA patients living in Florida, “seek monetary damages and injunctive and declaratory relief” arising from HCA’s failure to safeguard the personally identifiable information and protected health information of the patients of “hospitals and physician groups it owned or operated, which resulted in unauthorized access to its information systems on or around June 2023.”

The plaintiffs allege that HCA “did not use reasonable security procedures and practices appropriate to the nature of the sensitive information it was maintaining” for its patients and customers, such as encrypting the data or deleting it when it’s no longer needed.

The exposure of this private information occurred when an attacker “accessed and acquired files” in HCA’s computer systems, the suit alleges, containing unencrypted information including names, dates of birth and appointment information.

The lawsuit says that, given that data thieves “regularly target entities in the healthcare industry,” HCA “should have known” of the risk of a cyberattack.

“Defendant knew and understood that unprotected Private Information is valuable and highly sought after by criminal parties who seek to illegally monetize that Private Information through unauthorized access,” according to the plaintiff’s suit.

It points to a “substantial increase in cyberattacks and/or data breaches” targeting healthcare entities like HCA as evidence.

“For example, of the 1,862 recorded data breaches in 2021, 330 of them, or 17.7%, were in the medical or healthcare industry,” the plaintiff’s attorneys write. “The 330 breaches reported in 2021 exposed nearly 30 million sensitive records (28,045,658), compared to only 306 breaches that exposed nearly 10 million sensitive records (9,700,238) in 2020.”


Lawsuits in the wake of large healthcare data breaches are becoming much more common as many more major organizations – providers, payers, vendors and others – find themselves reporting incidents involving the PII and PHI of millions of their customers. For instance, Community Health Systems is another major Tennessee provider network that has been sued after a breach exposed the data of about one million of its patients

Harvard Pilgrim health plan’s parent company, Point32Health, is defending against multiple class action lawsuits after a recent ransomware attack.

NextGen was recently sued in federal court after plaintiffs alleged the EHR provider didn’t follow proper guidelines for protecting patient data.

This month has seen more than one lawsuit filed against Johns Hopkins, after the Baltimore-based health system was the target of a ransomware attack in which the Clop ransomware group exploited a vulnerability in Progress Software’s MOVEit MFT tool

Pennsylvania-based Lehigh Valley Health Network is another hospital system facing a class action suit, which is still in progress despite some changes in jurisdiction.

But, as HIPAA Journal points out: “Healthcare data breach lawsuits often hinge on whether there has been a concrete injury that more than likely was caused by a specific data breach. Lawsuits that only allege a risk of identity theft and fraud are unlikely to be granted standing.”


“HCA Healthcare reported this event to law enforcement and retained third-party forensic and threat intelligence advisors,” the health system said in a statement. “While our investigation is ongoing, the company has not identified evidence of any malicious activity on HCA Healthcare networks or systems related to this incident.

“The company disabled user access to the storage location as an immediate containment measure and plans to contact any impacted patients to provide additional information and support, in accordance with its legal and regulatory obligations,” HCA officials added, “and will offer credit monitoring and identity protection services, where appropriate.”

Mike Miliard is executive editor of Healthcare IT News

Email the writer: [email protected]
Healthcare IT News is a HIMSS publication.

Source : Healthcare IT News

You may also like

HCA Healthcare sued for recent data breach- https://www.expert-plus.fr 1  https://www.jardinages.info 1  https://newshealth.biz 1  https://www.chaussure.biz 1  https://salt-t.net 1  https://www.collegae.net/ 1  https://www.deguisements-fetes.fr/ 1  https://dedalusweb.fr 1  -/- Ensemble d’outils de tournevis de sécurité 3.8mm + 4.5mm adapté pour Nintendo NES SNES N64 Game Boy SNES 2  Wegovy Heart Benefits Will Help Payer Discussions: Novo Nordisk 2  Luxspire Vanity et Trousses à Maquillage, Makeup Étui de Rangement Cosmétique Portable Étanche, Trousse de Toilette Femme Sac de Rangement avec Séparateur Ajustable, S Noir 2  -*- Flaubert : Correspondance, tome 3 Janvier 1859 – Décembre 1868 3  Ortega ruk12fmh Ukulélé ténor (geflammtes Acajou, Housse de luxe) 3  */* What the Supreme Court’s Decision to Hear the Purdue Pharma Case Means 4  Days After $21 Million Achievement, Terence Crawford Addresses His Name Being Echoed With Floyd Mayweather 4  The U.S. women’s soccer team did us proud 4  * F&M Fashion , Salle de bal homme 5  Rugby : un joueur de Cergy traverse la France en bus pour faire les fêtes de Nérac avec ses … 5  HCA Healthcare sued for recent data breach *HCA Healthcare sued for recent data breach

news7.asia HCA Healthcare sued for recent data breach