HIPAA Blog

[ Monday, December 07, 2020 ]

 

It looks like Kalispell Regional is trying to settle a class-action lawsuit against it related to a 2019 breach involving 130,000 patients.  Hackers got in via phishing emails, and were in the system for months before the hospital noticed.  250 Social Security Numbers were stolen.  The incident resulted in a suit by a victim, alleging that KRH failed to take reasonable steps to prevent the hack.  The proposed settlement has a dollar amount of $2.4 million.

What makes this interesting is that class-action lawsuits resulting from data breaches usually crash in flames.  It's hard to prove damages, each victim is victimized in a somewhat different way and has different damages, and other factors make these tough for plaintiffs' lawyers to cash in on.

But don't be fooled by the headline: This is just the establishment of a fund to potentially pay out up to that amount.  The only things to be paid are actual provable damages (which are hard to find, prove, and show) and up to 5 hours of your own time (at $15/hour, so a max of $75) spent dealing with the mess.  Ultimately, KRH will spend a lot less than $2.4 million.


Jeff [9:35 AM]
