City of Hope hit with multiple class action lawsuits in wake of breach

In response to a data breach that exposed the sensitive information of over 827,000 individuals, several plaintiffs filed class action lawsuits against City of Hope National Medical Center, alleging negligence in failing to adequately protect their data.

What happened

City of Hope National Medical Center, a prominent cancer treatment and research facility, is suffering from the consequences of a data breach suffered in 2023. Despite discovering the breach in October, City of Hope delayed notifying the affected individuals until April 2, 2024.

This delay and the failure to protect sensitive data led to several class action lawsuits filed by affected patients in California federal court. The plaintiffs argue that City of Hope failed to implement adequate cybersecurity measures and was negligent, which made their data vulnerable to cyberattacks. The lawsuits claim this negligence led to an increased risk of identity theft and fraud for the victims, forcing them to incur costs to protect themselves from potential harm. 

The class actions include: 

1. Tammy L. Julian v. City of Hope National Medical Center d/b/a City of Hope
2. Brian Ridley v. City of Hope National Medical Center Inc.
3. Patricia Lopez v. City of Hope National Medical Center
4. Graciela Rodriguez v. City of Hope National Medical Center d/b/a City of Hope
5. Laura Delapaz v. City of Hope 
6. Pamela Krause v. City of Hope
7. Lynsey Saurenmann v. City of Hope
8. L.E. v. City of Hope Medical Center d/b/a City of Hope

See also: What is a data breach?

The backstory

In October 2023, City of Hope disclosed a significant data breach affecting around 827,000 individuals. The breach was first detected on October 13, 2023, when unauthorized access to the organization’s systems was discovered. 

This breach resulted from a cybercriminal successfully copying numerous files between September 19 and October 12, 2023, potentially including sensitive personal and medical information such as names, Social Security numbers, driver’s licenses, financial details, and medical records. City of Hope initiated an investigation with the help of a cybersecurity firm and began notifying affected individuals in December 2023. 

See also: City of Hope announces breach impacting over 800 thousand patients

What was said

According to a news article by Top Class Actions, “The plaintiffs assert City of Hope should have been aware cybercriminals had an interest in its data and were likely to target its networks because healthcare data is highly valuable. Because the stolen data puts victims at increased risk of identity theft and fraud, the plaintiffs assert they must spend time and money to protect themselves from fraudulent activity.”

See also: HIPAA Compliant Email: The Definitive Guide

FAQs

What is a class action?

A class action is a lawsuit filed by one or more plaintiffs on behalf of a larger group who are affected by the same issue.

What is a data breach?

A data breach is an incident where confidential, sensitive, or protected information is accessed, disclosed, or stolen without authorization.

When can an organization suffer extensive consequences from a breach?

An organization can suffer extensive consequences from a breach when the stolen data includes sensitive personal information and there is evidence of a failure to guard against or prevent this unauthorized access.