Medical data breaches are more common in the health industry than any other sector. This claim may be slightly biased, however: the health sector is subject to strict reporting requirements under the Health Insurance Portability and Accountability Act (HIPAA), which makes data breaches more likely to be reported.
Why do criminals target the healthcare industry?
Cyber criminals attempt to illegally obtain personal health information because this type of data has more value on the black market than other data, including credit card information. Wrongdoers can sell the personal health information or use it for their own personal gain.
While credit card credentials can sell for $1 to $2 on the black market, personal health information can be purchased for as much as $363. Personal patient data has more value to criminals because records of surgeries and illnesses can’t be changed, unlike credit card numbers or Social Security numbers.
Stolen personal health information is used nefariously by cyber criminals, who can create fake insurance claims and thereby allow for the purchase or resale of medical equipment. Other cyber thieves gain illegal access to prescriptions, which they sell or use themselves.
How do medical data breaches occur?
Breaches in the health industry can be caused by a wide range of incidents. Malware can steal data, and healthcare employees or other insiders can purposefully or accidentally disclose patient information. Laptops belonging to healthcare workers can be lost, compromising personal data.
While hacking events do occur, a vast majority of data breaches in the healthcare industry are due to accidental incidents. Data may be compromised as a result of expired security certificates, storing data with unsecured third-party vendors, or relaxed email security standards.
What personal health information is obtained?
Once a data breach has occurred, whether due to an accidental leak or a hacking event, the personal medical information of millions of patients may be exposed. Social Security numbers, financial information, medical tests, and diagnostic codes are types of data that can be disclosed.
What laws protect personal health information?
Health service providers are mandated by the Federal HIPAA Security Rule to safeguard electronic health records using both physical and electronic means of protection. When a breach of 500 or more records occurs, the health service provider is legally bound to report it.
Reports must be made no matter how the personal health information was released. Whether the breach occurred as a result of a hacking incident, accidental disclosure, unauthorized internal access, lost or stolen devices, or ransomware infections, a report must be filed.
Who is liable for the data breach?
According to current privacy laws, the organization responsible for storing the personal health information of patients is responsible for ensuring its security. When a data breach occurs, this firm or organization is held liable, paying fines or damages if legal action is taken.
Can victims of data breaches be compensated?
Victims of data breaches should receive compensation. However, companies responsible for allowing a data breach may or may not be legally required to compensate victims. For example, if the data breach occurred because of the firm’s negligence, compensation is required.
Furthermore, the amount of compensation to victims of medical data breaches differs widely based on the type of personal health information leaked and whether or not the victims suffered identity theft or other types of fraud as a direct consequence.
In general, victims of a data breach can receive compensation to recover unauthorized charges to their account, damage to their credit, the cost for credit monitoring or repair, and the time and expenses to investigate and resolve cases of identity theft.
What are the legal options for victims of medical data breaches?
Individuals affected by a medical data breach can file a lawsuit against the company. However, for a lawsuit to succeed in a court of law, the victims must show evidence that the company was negligent or violated US data breach laws.
A data breach class action lawsuit is the best route for victims of a medical data breach. By taking legal action against a large corporate defendant, victims can hold them accountable for subpar cybersecurity measures and help ensure the information of patients is better secured in the future.
Victims of data breaches should first confirm the data breach, then obtain the details surrounding the incident. Find out what personal information was exposed, and stay as protected as possible by closely monitoring all accounts. Then contact a law firm that specializes in data breaches.
Even if signs of identity theft are not readily apparent to victims of a data breach, stolen personal health information increases their risk in the future. A class action lawsuit brought by multiple plaintiffs with the same dispute can justify the cost of litigation.
Anderson + Wanca
When you are informed that your personal health information has been compromised in a medical data breach, contact the experienced lawyers at Anderson + Wanca. Our law firm provides expert legal guidance to victims of data breaches and cybersecurity attacks.
Our skilled attorneys are knowledgeable about all areas of privacy laws and can help you file a class action data breach lawsuit. We handle all investigations and legal claims, thereby ensuring you receive the financial reimbursement to which you are legally entitled.
The consequences of a data breach may not be immediate. Victims may be subject to identity theft, compromised bank accounts, health insurance penalties, and stolen biometric data years after the initial data breach occurred. Our firm will determine if you are eligible for a settlement.
The data security attorneys at Anderson + Wanca will provide you with quality legal support and help you better understand how to proceed with a class action lawsuit. We vigilantly monitor all data breaches in order to help victims pursue their best legal options.
Rather than do nothing after a medical data breach, consult the lawyers at Anderson + Wanca. Companies have a responsibility to protect patients’ personal health information. Call us at our Chicago office and schedule a consultation with one of our experienced data security lawyers.