Companies who hold sensitive PII are now facing class action lawsuits after cyberattacks.
The Florida Orthopaedic Institute (FOI) discovered the cyberattack in April.
In June, they started notifying patients of the data breach.
The list of information at risk is a long one. Names, birthdays, social security numbers, medical information and so much more was accessed during the breach.
Fast forward (just a tad) to July, and FOI is hit with a $99 million class action lawsuit. To make matters worse, the suit comes from one of the most prominent personal injury law firms in the country.
Mega law firm Morgan & Morgan has filed a class-action lawsuit, alleging Florida Orthopaedic Institute didn’t do enough to protect patients’ personal data and didn’t act fast enough when it discovered the breach.
In the past, breached companies have been able to successfully assert a defense that no actual damages have been sustained - loss of privacy but not actual money. To that point, FOI's letter to patients stated “there is no evidence that your information was misused.” This defense no longer holds (just like here)
“There have been many, many breaches of other hospitals and healthcare deliveries, which have sent a warning bell to protect this information, and that wasn’t done in this case,” said Attorney John Yanchunis
As it stands, a cyberattack can be absolutely devastating to operations and reputation. You can now add in the risk of class action lawsuits.
It's time health systems protect their patients and their assets from these attacks.
Are you ready to take action?
You already have a lot on your plate, so we make it easy. Find out how to protect your team with