BreachExchange mailing list archives

Previous By Date Next
Previous By Thread Next

Law firms see big money in healthcare breach cases (fwd)

From: security curmudgeon <jericho () attrition org>
Date: Fri, 20 Apr 2012 21:21:52 -0500 (CDT)


---------- Forwarded message ----------
From: InfoSec News <alerts () infosecnews org>

http://www.csoonline.com/article/704288/law-firms-see-big-money-in-healthcare-breach-cases

By Taylor Armerding
CSO
April 16, 2012

Cybercriminals are not the only ones looking to make money from health 
data breaches.

In California, where a unique state law provides for damages of $1,000 per 
person per violation of the Confidentiality of Medical Information Act of 
1981 (CMIA), plaintiff law firms are lining up to file privacy data breach 
class-action lawsuits against hospitals, medical service providers and 
health insurers that, if successful, could easily yield payouts in the 
multiple millions.

The San Francisco-based legal publication The Recorder reported April 6 
that at least a half-dozen plaintiff firms had filed complaints for 
privacy breaches so far, seeing it as a lucrative new source of income.

Brian Kabateck of the Los Angeles plaintiffs firm Kabateck Brown Kellner 
told The Recorder, "There's an awful lot at stake here."

Indeed, a suit pending against St. Joseph Health System involves the 
exposure of medical information of about 31,800 patients. At $1,000 each, 
even if only one violation is involved, it is simple math to see that 
would yield damages of $31.8 million.

But there is considerable distance between that gleam in a law firm's eye 
and reality. The attorneys filing the complaints and the attorneys 
defending their targets agree that they are in untested legal waters. 
Filing privacy breach cases as class actions is new, and all those 
involved say new legal precedents will be made in the next several years.

[...]
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges. 

Tenable Network Security (http://www.tenable.com/)
Tenable Network Security provides a suite of solutions which unify real-time
vulnerability, event and compliance monitoring into a single, role-based, interface
for administrators, auditors and risk managers to evaluate, communicate and
report needed information for effective decision making and systems management.
Previous By Date Next
Previous By Thread Next

Current thread: