News Room

More Oversight Needed to Combat Data Breaches

Written on behalf of Brian S. Kabateck

February 2, 2018

As more people share an increasing amount of personal information online, and data breaches hit record numbers, consumers are at a greater risk of identity theft than ever before. In the first half of 2017, the number of data breaches in the U.S. soared 29-percent, reaching a record high of 791, according to leading data risk management companies – and it’s not looking better for 2018.

The business sector was hardest hit. The next most vulnerable target was the healthcare industry, which is especially troubling, considering the highly sensitive information contained in medical records. Our firm represents thousands of California residents in a class action lawsuit stemming from a high-profile data breach at Sutherland Healthcare Solutions.

The county paid the Los Angeles based medical billing and collections agency $10-million a year to keep sensitive data safe, but the company failed miserably. At least 338,700 county patients were affected by the 2014 data breach and many of those victims are bracing for the fallout of having their personal information exposed and used by identity thieves. An investigation revealed that an insider helped thieves break into the company’s Torrance office and steal eight computers – the only equipment in the office that contained unencrypted patient data, which contained social security numbers, birth dates, addresses, and possibly medical diagnoses

Companies hit by hackers frequently scramble to shore up their security measures and urge customers to freeze or closely monitor their credit reports. But the risk of identity theft doesn’t disappear by changing passwords or a PIN number. Having someone open a credit card, obtain a loan or steal a tax refund in your name are the much more devastating consequences if you’ve been a victim of a data breach.

The courts are beginning to recognize this risk and have ruled that plaintiffs no longer have to demonstrate they’ve suffered financial damage but instead show there’s an increased likelihood of it happening. In a recent 2-1 decision, the Sixth Circuit panel reversed the dismissal of a class action lawsuit that stemmed from a 2012 data breach at Nationwide Mutual Insurance Co. The three-judge panel ruling determined that plaintiffs do not have to wait for someone to exploit their private information to meet the bar set by the U.S. Supreme Court’s 2016 decision in Spokeo, Inc. v. Robbins. The courts appear to be the best way to hold negligent companies accountable for lax data security.

While it seems like there’s a monster data breach every month, lawmakers and regulators have done little to hold organizations accountable for failing to safeguard our most private information. Lawmakers hold hearings and have proposed “massive and mandatory” fines for data breaches at Equifax Inc. and other credit reporting companies. One of several bills being proposed would direct the Federal Trade Commission to direct half of any fine to compensate affected consumers. Despite the anger, there’s little appetite in the Republican-controlled Congress to get any of these laws passed.

High profile cases like Equifax, Yahoo and Target may get the most attention, but thousands of corporations have fallen prey to cyber criminals who exploit vulnerabilities. It’s outrageous these companies see themselves as the victims while showing complete disregard for their responsibility to protecting consumer data.

A consumer class action is a lawsuit in state or federal court that is brought by one individual, or a few individuals, on behalf of a larger class of people similarly situated. Our firm is suing Sutherland Healthcare Solutions in a class action for failing to protect patient data. If you or a loved one think you’ve been impacted by a data breach, contact the attorneys at Kabateck LLP who have honed specialized skills in handling class action litigation for several decades.