Bad Medicine: Hospital Hit With Multiple Data Breach Class Actions for Unauthorized Access of Patient Records
Kristin L. Bryan of Squire Patton Boggs writes:
Healthcare data breaches are on the rise-recent estimates peg the number of patient records breached in 2019 as exceeding 41 million individuals. Additionally, approximately 60% of all healthcare data breaches are caused by internal actors—a statistic underscored by consecutive data breach class actions filed against the Mayo Clinic concerning the unauthorized access of patient records.
I don’t think that statistic thinks what she thinks it means, as most actual breaches still involve external threat actors — unless you count employees falling for phishing attacks as a breach being caused by an internal actor — but let’s continue:
In October, Mayo Clinic disclosed that that a former employee had inappropriately accessed the health records of more than 1,600 patients. Information that may have been accessed in the breach reportedly included name, demographic information, date of birth, medical record number, clinical notes and medical images (including, as alleged in the litigation, nude images of patients taken in connection with ongoing cancer treatments).
This month, following disclosure of the breach, Mayo Clinic was hit with two data privacy class action lawsuits in Minnesota state courts.
Read more on National Law Review.