Florida health system hit with proposed class-action lawsuit over data breach
A Florida resident has introduced a lawsuit from UF Wellness Central Florida immediately after a information breach perhaps uncovered the info of additional than seven hundred,000 folks.
According to the complaint, which was eradicated to the U.S. District Court docket for the Center District of Florida this previous Thursday, Chrystal Holmes is accusing the process of failing to appropriately protected and safeguard individually identifiable info.
“Regardless of the prevalence of community bulletins of information breach and information safety compromises, UFHCF failed to choose suitable actions to protect the PII and PHI of [the] plaintiff and the proposed class from remaining compromised,” examine court files.
Tries to achieve UFHCF for remark have been not productive.
WHY IT Issues
As reported to the U.S. Department of Wellness and Human Services’ Office of Civil Rights, UFHCF expert a hacking incident previously this calendar year top to the likely publicity of seven hundred,981 individuals’ information.
Amongst May possibly 29 and May possibly 31, undesirable actors attained unauthorized obtain to UFHCF’s computer community.
For the duration of that period of time, said a discover posted to the UFHCF website at the stop of July, affected person info – like names, addresses, dates of delivery, Social Stability numbers, overall health insurance info, clinical history numbers and affected person account numbers, as effectively as minimal therapy info applied for UF Health’s enterprise operations – may have been obtainable.
“Until notified of the breach,” Holmes and the other afflicted folks in the proposed class “experienced no idea their PII and PHI experienced been compromised, and that they have been, and go on to be, at important hazard of identity theft and various other types of individual, social and monetary damage,” examine the complaint.
“The hazard will stay for their respective lifetimes,” it ongoing.
According to court files, the reality that the incident took place suggests that UFHCF experienced not adhered to demanding safety protocols, like people suggested by the U.S. government.
“The event of the cybersecurity event suggests that defendants failed to sufficiently employ … measures to stop ransomware attacks,” said the complaint.
Holmes, by means of her lawyers, argues that the info compromised in the cybersecurity event is “drastically additional valuable” than credit history card info.
As an alternative, individual info this sort of as name, address, date of delivery and Social Stability range “is not possible to ‘close’ and complicated, if not not possible, to alter,” examine court files.
Holmes is accusing UFHCF of negligence, breach of agreement and breach of fiduciary responsibility.
“Plaintiff and class members have a continuing interest in making sure that their info is and stays protected, and they should be entitled to injunctive and other equitable relief,” argued the complaint.
THE More substantial Trend
Several of the significant cybersecurity incidents over the previous calendar year have been followed by lawsuits accusing health care companies of failing to sufficiently protect affected person info.
Earlier this calendar year, Scripps Wellness in San Diego faced a number of issues immediately after a ransomware incident led to a significant community shutdown.
And in September, a most cancers affected person sued UC San Diego Wellness over a safety breach that perhaps uncovered the personal info of 495,949 patients.
ON THE Report
“The ramifications of UFHCF’s failure to continue to keep protected UFHCF’s latest and previous patients’ PII and PHI are lengthy lasting and critical,” said the complaint. “The moment PII and PHI is stolen, especially Social Stability numbers, fraudulent use of that info and hurt to victims may go on for many years.”
Kat Jercich is senior editor of Healthcare IT Information.
Twitter: @kjercich
Email: [email protected]
Healthcare IT Information is a HIMSS Media publication.
