Law firms see big money in healthcare breach cases

[InfoSec News <alerts () infosecnews org>]

http://www.csoonline.com/article/704288/law-firms-see-big-money-in-healthcare-breach-cases

By Taylor Armerding
CSO
April 16, 2012

Cybercriminals are not the only ones looking to make money from health 
data breaches.

In California, where a unique state law provides for damages of $1,000 
per person per violation of the Confidentiality of Medical Information 
Act of 1981 (CMIA), plaintiff law firms are lining up to file privacy 
data breach class-action lawsuits against hospitals, medical service 
providers and health insurers that, if successful, could easily yield 
payouts in the multiple millions.

The San Francisco-based legal publication The Recorder reported April 6 
that at least a half-dozen plaintiff firms had filed complaints for 
privacy breaches so far, seeing it as a lucrative new source of income.

Brian Kabateck of the Los Angeles plaintiffs firm Kabateck Brown Kellner 
told The Recorder, "There's an awful lot at stake here."

Indeed, a suit pending against St. Joseph Health System involves the 
exposure of medical information of about 31,800 patients. At $1,000 
each, even if only one violation is involved, it is simple math to see 
that would yield damages of $31.8 million.

But there is considerable distance between that gleam in a law firm's 
eye and reality. The attorneys filing the complaints and the attorneys 
defending their targets agree that they are in untested legal waters. 
Filing privacy breach cases as class actions is new, and all those 
involved say new legal precedents will be made in the next several 
years.

[...]


_______________________________________________
LayerOne Security Conference
May 26-27, Clarion Hotel, Anaheim, CA
http://www.layerone.org