BreachExchange mailing list archives
Law firms see big money in healthcare breach cases (fwd)
From: security curmudgeon <jericho () attrition org>
Date: Fri, 20 Apr 2012 21:21:52 -0500 (CDT)
---------- Forwarded message ---------- From: InfoSec News <alerts () infosecnews org> http://www.csoonline.com/article/704288/law-firms-see-big-money-in-healthcare-breach-cases By Taylor Armerding CSO April 16, 2012 Cybercriminals are not the only ones looking to make money from health data breaches. In California, where a unique state law provides for damages of $1,000 per person per violation of the Confidentiality of Medical Information Act of 1981 (CMIA), plaintiff law firms are lining up to file privacy data breach class-action lawsuits against hospitals, medical service providers and health insurers that, if successful, could easily yield payouts in the multiple millions. The San Francisco-based legal publication The Recorder reported April 6 that at least a half-dozen plaintiff firms had filed complaints for privacy breaches so far, seeing it as a lucrative new source of income. Brian Kabateck of the Los Angeles plaintiffs firm Kabateck Brown Kellner told The Recorder, "There's an awful lot at stake here." Indeed, a suit pending against St. Joseph Health System involves the exposure of medical information of about 31,800 patients. At $1,000 each, even if only one violation is involved, it is simple math to see that would yield damages of $31.8 million. But there is considerable distance between that gleam in a law firm's eye and reality. The attorneys filing the complaints and the attorneys defending their targets agree that they are in untested legal waters. Filing privacy breach cases as class actions is new, and all those involved say new legal precedents will be made in the next several years. [...] _______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://datalossdb.org/mailing_list Supporters: Risk Based Security (http://www.riskbasedsecurity.com/) Risk Based Security equips organizations with security intelligence, risk management services and on-demand security solutions to establish customized risk-based programs to address information security and compliance challenges. Tenable Network Security (http://www.tenable.com/) Tenable Network Security provides a suite of solutions which unify real-time vulnerability, event and compliance monitoring into a single, role-based, interface for administrators, auditors and risk managers to evaluate, communicate and report needed information for effective decision making and systems management.
Current thread:
- Law firms see big money in healthcare breach cases (fwd) security curmudgeon (Apr 30)