Plaintiffs filed the first of what will likely be many more proposed class action lawsuits against HCA Healthcare just two days after the hospital chain publicly disclosed a hacking incident involving the posting of information for potentially 11 million patients on a dark web forum.
Meanwhile, the Nashville, Tennessee-based company has yet to publicly address some important circumstances of the breach - including whether the compromise involved a third-party storage vendor and whether any HCA patients outside the U.S. were affected.
HCA, which last year reported revenue of more than $60 billion, operates 182 hospitals and 2,300 other medical care facilities in 20 U.S. states - plus a hospital in the United Kingdom (see: HCA Says Up to 11M Patients Affected by Email Data Hack).
The lawsuit filed yesterday in a Tennessee federal court by two affected HCA U.S. patients, Gary Silvers and Richard Marous, alleges that HCA was negligent in failing to safeguard their personal identifiable and protected heath information from unauthorized access and disclosure.
"Plaintiffs' and class members' private information is of great value to hackers and cybercriminals, and the data stolen in the data breach has been used and will continue to be used in a variety of sordid ways for criminals to exploit plaintiffs and class members and to profit from their misfortune," the proposed class action complaint alleges.
The lawsuit, which seeks monetary damages and injunctive relief requiring HCA to strengthen its data security systems and monitoring practices, will undoubtedly be followed by many similar proposed class action lawsuits in the weeks and months to come.
"Given the number of persons affected, it is likely that separate class actions may be filed and ultimately consolidated," said regulatory attorney Rachel Rose, who is not involved in the HCA litigation.
Read the full article HERE