Data protection laws around the world now allow victims of serious data breaches to claim the compensation they are entitled to. As the number of data breaches continues to rise, we’re seeing some huge settlements, including in cases where the exposed data (names, dates of birth, government ID numbers) can never be changed and so is effectively exposed forever.
Data breach settlements may well keep growing unless organisations get a firm grip on securing their servers and protecting the data they hold.
Anthem data breach – example one
In June 2017, health insurer Anthem Inc. reached a $115 million (£89 million) settlement with its customers over a 2015 intrusion in which attackers stole private data on 78.8 million people. At the time, this settlement was hailed as the largest data breach settlement in history.
In this case, cyber-hackers obtained data of current and former customers and employees. The information compromised included names, dates of birth, Social Security numbers, medical IDs, physical and email address details, and employee data, which included income.
Going forward, this settlement could be a landmark example for future cases of a similar nature. Notably, Anthem did not admit any wrongdoing, and the size of the settlement suggests that the prospect of protracted class-action litigation, rather than any finding of liability, pushed the health insurer to pay out.
Texas hospital data breach
In May 2017, Texas health system Integrity Transitional Hospital agreed to a $2.4 million (£1.8 million) HIPAA-related settlement. A patient had presented a fraudulent ID card, and the healthcare provider then carelessly disclosed her name in a public press release, an impermissible disclosure of protected health information under HIPAA.
Healthcare attorney, Eric Fader, told Bloomberg BNA, “I have no doubt that we’ll be seeing more of these class-action suits and settlements as data breaches continue to proliferate.”
Additional burden of lawsuits
The threat of lawsuits certainly places an additional burden on healthcare providers and institutions to secure medical records. That can only be a good thing if we are serious about stopping these kinds of breaches, because a healthcare data breach can affect a victim for the rest of their life: a medical history, unlike a password, cannot be reset.
Alongside ransomware, employee error is also a concern for data holders and authorities alike, as the press-release disclosure above shows. Research experts emphasise the importance of staff training, monitoring, testing and sustained investment.
HHS’ advice
The Department of Health and Human Services Office for Civil Rights (OCR) urges healthcare providers to act quickly and to report cyber-security incidents. In the event of a cyber-attack, the HHS provides the following checklist for organisations to follow:
- Execute its response and mitigation procedures and contingency plans, e.g. fix any technical or other problems to stop the incident and contain its impact
- Report the crime to other law enforcement agencies
- Report all cyber-threat indicators to federal and information-sharing and analysis organisations (ISAOs)
- Report the breach to OCR as soon as possible, but no later than 60 days after discovery for a breach affecting 500 or more individuals (a breach affecting fewer than 500 individuals must still be reported to OCR, within 60 days of the end of the calendar year in which it was discovered)
It is of grave importance that healthcare providers and institutions are equipped to deal with cyber-security incidents, and OCR encourages them to take an “all-hazards approach” to their contingency planning, so that ransomware, a misdirected press release or a hardware failure are all covered by the same tested procedures.
The checklist could have been helpful during the NHS ransomware attack of May 2017. It may well be useful in future, as there is no shadow of a doubt that another cyber-attack on healthcare providers and institutions is coming, given how frequent they have been in recent history.
It really is a case of when, not if, these days…