Dive Brief:
- Patients affected by the Community Health Systems data breach have begun filing lawsuits against the organization. At least two separate class-action suits contend the provider’s inability to implement and follow routine security procedures allowed hackers to get their personal information.
- In August, the hospital chain disclosed that its data system had been breached by a group of Chinese hackers and the Social Security numbers, birth dates, names and other sensitive information of 4.5 million patients had been compromised. The health system, owner of 206 hospitals across the country, provided patients whose information had been breached free identity protection services for a year.
- The current lawsuits were filed on behalf of five Alabama residents and all other patients affected; another suit was filed on behalf of patient Briana Brito of San Miguel County, New Mexico and all other patients. The suits claim that patients who have been victims of identity theft and those who are at risk should receive damages. Courts have recently, however, made it more difficult to win a lawsuit if no actual identity theft has occurred. The second suit also alleges that the value of services provided at the system were diminished because of the breach.
Dive Insight:
This has clearly been a bad year for Community Health Systems. In August, the organization agreed on a settlement of $98 million with the Department of Justice, which was looking into its billing practices. Forbes columnist Dan Munro estimates the cost of the breach to the health system to be, conservatively, between $75 million and $150 million.
Munro tallied the five major costs of this kind of breach to be remediation, fines for HIPAA violations, identity theft protection for patients, lawsuit defense and (maybe the most expensive one) the hit to the organization’s reputation.