What rights do you have as a data breach healthcare victim?

Data breach healthcare victims may have their personal information compromised, along with valuable insurance and medical data, putting them at risk. This has happened multiple times around the country, with more attacks occurring each year.

Data breach definition

Simply put, a data breach occurs whenever a third party accesses information without authorization. Any company can be affected by a data breach, from retailers to credit companies to healthcare systems and more.

Typically, data breaches are caused by a lapse in cybersecurity. These weaknesses can make it easier for hackers to access vital information such as names, payment card information, social security numbers, and other important data.

What are the causes of a data breach in healthcare?

Recently, ransomware attacks have been the primary cause of healthcare data breaches. In these breaches, a hacker gains access to a database or system through a phishing scheme or other avenue. Then, the hackers hold these databases “hostage” until a ransom is paid, usually by bitcoin, by the healthcare system.

Although these sort of data breaches have been more common lately, there are other ways that valuable healthcare information can be compromised. Some examples include traditional theft and more straightforward hackers.

What is the impact of a healthcare data breach?

According to HIPAA Journal breach statistics, there were 3,054 healthcare data breaches between 2009 and 2019. As a result of all of these breaches, 230,954,151 medical records have reportedly been compromised. This allegedly equals over 69.78 percent of the American population.

In certain breaches, especially ransomware attacks, the daily functioning of a healthcare provider can be impacted. Some hospitals have had to completely shut down non-emergency functions because they are unable to access vital data. In other cases, appointments may be rescheduled or canceled in a ransomware attack.

Data breach healthcare victims may be impacted in a variety of other ways including the unauthorized sharing of a patient’s name, payment information, insurance information, social security numbers and other personal identifying information, putting them at risk of identity theft. Other healthcare data such as test results, medical records and health history can also be compromised in these breaches.

According to the Center for Internet Security, the average cost of a healthcare data breach is $355 per stolen record. Although many people assume payment information will sell for more on the black market, credit card numbers reportedly sell for only $1 or $2 while personal healthcare information can be sold for up to $363.

Data breach in healthcare cases

In February 2020, Health Share of Oregon revealed that it was the victim of healthcare data theft. The theft, which occurred in November 2019, allegedly occurred when a laptop containing consumer data was stolen from a GridWorks office.

The laptop reportedly contained the information of up to 654,362 individuals. This is smaller than other breaches that have impacted millions of customers.

A Medicaid coordinated care organization, Health Share’s exposed data may have included names, addresses, phone numbers, birth dates, Social Security numbers, and Medicaid ID numbers.

Although the company is not sure whether or not member information was discovered, utilized, or sold, the system data was reportedly left unencrypted. This means that it may be easy for the data thief to access and sell the information.

“Though the theft took place at an external vendor, we take our members’ privacy and security very seriously,” said Dr. Maggie Bennington-Davis, interim CEO and Chief Medical Officer at Health Share of Oregon. “We are ensuring that members, partners, regulators, and the community are made fully aware of this issue.”

“We are committed to providing the highest quality service to our members, which includes protecting their personal information,” Bennington-Davis assured.

A recent data breach affected Shields Health Care Group in Massachusetts. This breach impacted 50 facilities and over 2 million patients. Information compromised in the attack includes names, Social Security numbers, addresses, insurance data, treatment information and other sensitive data.

Other healthcare data breaches affected companies such as Scripps, Elekta, Ferguson Medical Group, Georgia healthcare network St. Joseph’s/Candler, Parker Hannifin, Partnership Health Plan of California, Norwood Clinic, Comprehensive Health Services/Acuity, Schneck Medical and ARcare.

Filing a healthcare data breach lawsuit

If a data breach was caused by a negligent lapse in cybersecurity, data breach healthcare victims may be able to take legal action against their healthcare provider. Companies, including healthcare systems, have a responsibility to keep consumer information secure. If they fail to follow through on this duty, they may be held liable under state and federal laws.

Join a Free Health Share of Oregon Data Breach Class Action Lawsuit Investigation

If you were affected by the Health Share of Oregon data breach, you may be eligible to join a free class action lawsuit investigation into claims Health Share of Oregon failed to take steps to properly safeguard its members’ data.

Get a Free Case Evaluation

This article is not legal advice. It is presented
for informational purposes only.