A local attorney finds a nonprofit healthcare provider's data theft breach that impacted 1.3 million patients and employees deeply concerning.
Three proposed federal class action lawsuits were filed against Tampa General Hospital in the U.S. District Court for the Middle District of Florida alleging that Tampa General Hospital was negligent in securing patients' sensitive health and personal identifiable information from cybercriminals.
“The heart of these lawsuits revolves around the claim that the healthcare provider was negligent in safeguarding the personal and health information of its patients and staff,” said Attorney Mike Schmidt.
Tampa General Hospital is also known as Florida Health Sciences Center Inc.
“The filing of multiple federal class action lawsuits within such a short span underscores the gravity of the situation,” Schmidt told the Florida Record. “It is crucial to establish whether Tampa General Hospital had indeed taken appropriate measures to secure the sensitive information they were entrusted with.”
The hospital reported the incident to the Department of Health and Human (DHHS) on July 28 after it had detected unusual activity on its systems on May 31 and thwarted an attempt by attackers to encrypt the organization's IT systems, according to media reports.
“Such breaches not only jeopardize individuals' privacy and security but also erode trust in the healthcare system as a whole,” Schmidt said in an interview. “The plaintiffs will likely argue that the hospital's alleged failure to implement adequate cybersecurity measures and protocols constitutes a breach of their duty to protect patient data.”
Claims against the hospital include negligence, negligence per se, breach of implied contract, unjust enrichment, and violation of the consumer protection laws of Florida.
The plaintiffs seek declaratory and injunctive relief as well as actual, compensatory, punitive, and nominal damages with attorneys’ fees, costs, and expenses, and appropriate injunctive and relief.
"Plaintiff and Class Members are now at a significantly increased risk of fraud, identity theft, misappropriation of health insurance benefits, intrusion of their health privacy, and similar forms of criminal mischief, which risk may last for the rest of their lives," the Aug. 8 complaint states. "Consequently, Plaintiff and Class Members must devote substantially more time, money, and energy protecting themselves, to the extent possible, from these crimes."
Those protections include closely monitoring their medical statements, bills, records, credit and financial accounts as well as changing login and password information more frequently, carefully screening and scrutinizing phone calls, emails, and other communications to ensure that they are not being targeted in a social engineering or spear phishing attack, and procuring suitable identity theft protection and credit monitoring services.
"It is essential for Tampa General Hospital to respond in a transparent and responsible manner," Schmidt added. "This includes cooperating with investigations, disclosing accurate information about the breach's scope, and taking tangible steps to enhance their cybersecurity infrastructure to prevent such incidents in the future."