|Main Archive Page > Month Archives > infosec-news archives|
By Taylor Armerding
April 16, 2012
Cybercriminals are not the only ones looking to make money from health
In California, where a unique state law provides for damages of $1,000
per person per violation of the Confidentiality of Medical Information
Act of 1981 (CMIA), plaintiff law firms are lining up to file privacy
data breach class-action lawsuits against hospitals, medical service
providers and health insurers that, if successful, could easily yield
payouts in the multiple millions.
The San Francisco-based legal publication The Recorder reported April 6
that at least a half-dozen plaintiff firms had filed complaints for
privacy breaches so far, seeing it as a lucrative new source of income.
Brian Kabateck of the Los Angeles plaintiffs firm Kabateck Brown Kellner
told The Recorder, "There's an awful lot at stake here."
Indeed, a suit pending against St. Joseph Health System involves the
exposure of medical information of about 31,800 patients. At $1,000
each, even if only one violation is involved, it is simple math to see
that would yield damages of $31.8 million.
But there is considerable distance between that gleam in a law firm's
eye and reality. The attorneys filing the complaints and the attorneys
defending their targets agree that they are in untested legal waters.
Filing privacy breach cases as class actions is new, and all those
involved say new legal precedents will be made in the next several
LayerOne Security Conference
May 26-27, Clarion Hotel, Anaheim, CA