Alere Home Monitoring data breach class suit thrown out

[InfoSec News <alerts () infosecnews org>]

http://healthitsecurity.com/2014/10/09/alere-home-monitoring-data-breach-class-suit-thrown-out/

By Patrick Ouellette
Health IT Security
October 9, 2014

Nearly two years after Alere Home Monitoring, Inc. reported that an 
employee’s password-protected laptop was stolen from their car and 116,000 
patients’ data was potentially compromised, a California federal judge 
threw out a possible class action suit that sought $116 million in 
damages.

Law360 reports that U.S. District Judge Jon S. Tigar found no liability 
for the negligent release of stolen medical information under California’s 
Confidential Medical Information Act (CMIA). According to the report, 
plaintiffs were given 21 days to refile an amended complaint.

“These two California Court of Appeal decisions are the only published 
opinions interpreting this California statute statutory law, and 
plaintiffs have cited no other data that would persuade this federal court 
sitting in diversity that the California Supreme Court would necessarily 
decide the issue otherwise,” Judge Tigar wrote.

Alere’s 2012 breach exposed home monitoring patients’ names, addresses, 
dates of birth, Social Security numbers and diagnosis codes. For context, 
there are a lot of patients who use Alere products through Medicare 
coverage, explaining why the scope of the breach was so large. The 
patients involved in the class suit used Alere’s International Normalized 
Ratio (INR) products at home for bleeding and blood clot tests, with the 
information to be transmitted between the patient and physician.

[...]

--
Evident.io - Continuous Cloud Security for AWS.
Identify and mitigate risks in 5 minutes or less.
Sign up for a free trial @ https://evident.io/