An Arizona-based healthcare provider is facing a barrage of lawsuits following their recent admission that they were victims of cyber criminals. In August, Banner Health announced that hackers infiltrated their servers along with multiple credit card scanners related to on-site food service. The Arizona Republic reports that at least 10 civil lawsuits have been filed against Banner Health, which is one of the nation’s largest nonprofit health systems.
According to the newspaper report, the legal actions accuse Banner Health of failing to protect private information. Some allege that false credit card accounts have already been created from the pilfered data.
A story on the website Legal NewsLine goes deeper into one of the civil suits, noting the filing claims “Banner Health failed to employ security protocols to detect the unauthorized network activity, failed to provide timely and adequate notice of the data breach, and breached its contractual promises to adequately protect class members’ personal information.
While most of the lawsuits have patients as named plaintiffs, one was filed by Howard Chen, MD, a physician at Banner Thunderbird Hospital, located in Glendale, Arizona. At the time the lawsuit was filed, Chen’s attorney, Rob Carey, issued a statement decrying the healthcare provider’s response of paying for a year of credit monitoring for potentially impacted parties.
“Banner’s negligence affected millions of people,” Carey said. “It’s not enough to offer a skimpy ‘fix’ — the law requires Banner remedy the serious risks it created for its stakeholders.”
Besides the lawsuits, there remains the potential that Banner Health will face government fines for the security lapse. As other other healthcare providers with similar cyber slip-ups have discovered in recent months, the related settlements over HIPAA violations can be quite costly.
In a blog post on the website Lexology, analysts suggest that this legal tangle for Banner Health may prove to be a sort of collective test case for a section of U.S. law that is trying to keep pace with rapidly evolving technologies.
“Whatever the Arizona district court ultimately decides, this case should have a significant impact on future data breach class actions,” the authors write.
Filed Under: Industry regulations