The North Carolina hospital system is facing a class action lawsuit after a 2023 data breach.
In 2023, Columbus Regional Healthcare System filed a notice of a data breach with the Attorney General of Maine.
According to the breach notice, Columbus Regional finished its investigation on December 28th, 2023. In the investigation, the system determined their network had been accessed between May 19th, 2023, and May 21st, 2023.
A news report said that information accessed may have included full names, Social Security numbers, dates of birth, driver’s license numbers or state ID numbers, passport numbers, alien registration numbers, financial account information, medical information, and/or health insurance policy information.
At the time, Columbus Regional said they were “not aware of any reports of identity fraud or improper use of [the] information as a direct result of this incident.” The health system did, however, recommend individuals review their financial account statements and credit reports for irregular or fraudulent activity.
Ultimately, Columbus Regional estimated that 132,887 individuals were impacted by the breach.
Now, the hospital system is facing a class action lawsuit. According to a local news report, the plaintiff is seeking compensation for themselves and other class action members. They argued that the hospital system failed to “exercise reasonable care in securing and safeguarding sensitive patient [personally identifying information] and/or [protected health information]--including first and last names, Social Security numbers, dates of birth, health insurance information, personal addresses, and sensitive patient medical treatment information.”
The plaintiff says the breach has negatively impacted them, and they have encountered:
Class action lawsuits can be difficult for healthcare organizations to respond to, especially if the plaintiff can reasonably connect the data breach to adverse effects. Many lawsuits ultimately settle to avoid costly legal fees and heftier payment amounts.
Suits against organizations increase the financial burden of the breach experience. Not only do hospitals have to handle challenges to their operations and costs associated with improving security, but they also have to handle court fees and settlement costs.
Ultimately, organizations have to pay for strong security measures one way or another–either from improving their security as soon as possible or being forced to make amends after a breach. The best cybersecurity strategy involves being proactive against emerging threats.
Related: HIPAA Compliant Email: The Definitive Guide