Companies managing health data are witnessing an uptick in cyberattacks. Those that fall victim are not only dealing with the aftermath of the breach but are also facing a surge in litigation costs, as revealed by a Bloomberg Law analysis.
The stark reality
The monthly average of class actions over health data breaches this year has skyrocketed, nearly doubling the rate from 2022. This is based on an analysis of 557 complaints lodged against companies in federal courts in the past five years.
These lawsuits often demand civil damages amounting to millions, backed by large affected classes. This rise in litigation is paralleled by a steady increase in health-related cyber incidents, as per the US Department of Health and Human Services' Office for Civil Rights.
Several factors contribute to this litigation boom, from the rise in ransomware attacks and public notification rules to an increasingly privacy-aware public. However, the sharp increase in class actions this year is particularly noteworthy.
Related: Judge allows class action case against Meta to move forward
Digging deeper
While cybercriminals are increasingly targeting health data, the repercussions for companies go beyond just managing the breach. The legal aftermath is becoming a significant concern, with affected entities facing hefty lawsuits.
Why it matters
The health sector, rich in valuable personal data, is a goldmine for cybercriminals looking to sell or misuse the information. As the health industry integrates more technology, the risk of breaches—and consequently, litigation—may continue its upward trajectory.
By the numbers
In just the last year, the average ransom paid by the health sector reached a staggering $1.5 million. As of August 18 this year, over 41 million individuals have found their health data exposed.
Legal landscape
Regulations like the Health Insurance Portability and Accountability Act (HIPAA) require health entities to be transparent about breaches. This transparency, while essential, also makes these entities more vulnerable to legal actions. For instance, the 2019 cyber breach at the Laboratory Corporation of America led to 19 class actions after exposing 10.2 million patients' data.
Consumer vigilance
With states like California pioneering comprehensive privacy laws and a general uptick in data privacy awareness, consumers are more proactive. They're not just concerned about breaches but are willing to take legal routes to seek redress.
While the health data breach landscape is evolving, the marked rise in litigation, especially class actions, is a trend that companies need to be wary of in the coming years.
Related: HIPAA Compliant Email: The Definitive Guide
Dean Levitt
