HIPAA Blog

[ Tuesday, January 28, 2025 ]

 

Change Healthcare's Breach Victim Count Reaches 190,000,000.  The US population is about 340 million, which means the breach affected about 56% of the US population.  So, if you're an American, it's more likely than not that your PHI was exposed in the Change breach.

A few months ago, a ransomware negotiator mentioned something to a client of mine that was a bit of a revelation.  We were discussing the question of whether a breach victim can ever prove damages from a breach without some very specific evidence, such as the breach being a personal attack (an estranged spouse obtains the information and uses it in some obvious way to leverage a big divorce settlement payment) or the hacker deliberately using stolen data to blackmail a victim.  If a covered entity suffers a breach and one of the victims of the breach suffers identity theft, can the victim prove that it was the breach in question that exposed his/her data, or might the data have been exposed in a different breach?  The more breaches there are, the more difficult it will be for victims to prove causation.

The Change Healthcare breach might rewrite the rules here: if I fail to protect your data and you get harmed, can you prove that my exposure of your data caused the harm, if your data was already exposed on the dark web?


Jeff [8:18 AM]
