Getting Hacked, Then Getting Sued for Getting Hacked

Getting Hacked, Getting Sued for Getting Hacked
By William Vogeler, Esq. on May 07, 2019 12:00 PM

Your company's data has been hacked, so what are your lawyers going to do?

They can't sue the hackers because they're long gone. Your company, unfortunately, is left holding the bag. That means your lawyers won't be filing a lawsuit.  Instead, they will be defending against one, or two, or three....

Sued for Getting Hacked

It's a problem that is becoming all too common. Companies get hacked, then get sued for getting hacked. It's happening again in Massachusetts.

Patients filed a class-action lawsuit against Baystate Health, weeks after a phishing attack at the medical provider. Baystate notified some 12,000 patients of a potential breach of their data. The hackers compromised employee email accounts, which contained information about demographics, diagnoses, Medicare and Social Security numbers.

In the lawsuit, the plaintiffs fault the defendant for not promptly notifying the patients. Their complaint says personal information was exposed, but does not allege actual damage from the hack. According to reports, it was not first time Baystate suffered a data breach. In 2016, the company reported a similar incident when five employees were duped by malicious emails disguised as an internal memo.

Biometric Privacy

Medical providers, like law firms, are prime targets for cyberattacks because they hold a wealth of personal information. It is also a source of increasing liability for companies that keep such information. In Illinois, the state Supreme Court ruled this year that individuals may sue organizations that violate the state's Biometric Information Privacy Act. It is unique because the law allows plaintiffs to proceed without alleging actual injury.

According to a survey in 2016, more than 16 million Americans have been victims of identity fraud. That was four million more victims than identified in 2012. Social Security numbers were stolen more than credit card numbers, reported Javelin Strategy & Research.

Bayside, meanwhile, took some action after the latest breach. It provided all patients with a year of free credit monitoring and identity theft protection.

Related Resources: