Cancer patient sues UCSD Health over 500K-record info breach

A patient in El Cajon, California, sued University of California, San Diego Health this past week over a security breach that potentially exposed the private information of 495,949 patients.  

The plaintiff, Denise Menezes, is raising allegations of negligence, breach of contract, breach of confidence, and the violation of California’s laws about medical privacy and unfair competition.   

She is seeking class-action status.  

“The data breach occurred because UC San Diego Health failed to implement reasonable security procedures and practices, failed to provide its employees with basic cybersecurity training designed to prevent ‘phishing’ attacks, failed to take adequate steps to monitor for and detect unusual activity on its servers, failed to disclose material facts surrounding its deficient data security protocols and failed to timely notify the victims of the data breach,” read the complaint, which was filed in California federal court.

UC San Diego Health representatives said the university cannot comment on pending litigation. 

WHY IT MATTERS  

According to the complaint, Menezes is being treated for breast cancer at UC San Diego Health’s Moores Cancer Center.

In September 2021, she received a notice informing her that she was among the patients whose data – including, in her case, full name, claims information, medical record number and treatment information – had been exposed in a phishing incident

According to UC San Diego Health, the hackers may have had access to private information for months.  

Still, “UC San Diego Health’s letter created more questions than it answered,” according to the complaint.  

Menezes’ attorneys say UC San Diego Health waited months to get in touch with individual patients, despite publishing a general notice about the incident in June.  

“Of course, a website posting did not identify which specific patients were impacted and was inadequate to affirmatively alert individuals impacted by the data breach to take measures to protect themselves,” said the complaint.  

They also say the letter is “downplaying the risk of misuse,” and missing key information about the incident or the hackers’ identities.  

“As a result of the data breach, Ms. Menezes has spent time and effort researching the breach and reviewing her financial and medical account statements for evidence of unauthorized activity, which she will continue to do for years into the future,” said the complaint.  

The complaint says that UC San Diego failed to comply with basic recommendations and guidelines that would have prevented the breach from occurring, stressing the negative consequences of medical identity theft.  

“Each data breach increases the likelihood that a victim’s personal information will be exposed to more individuals who are seeking to misuse it at the victim’s expense,” said the complaint.  

“Now that the investigation is complete, notifications to individuals whose data was impacted were sent beginning September 7, 2021, on a rolling basis where contact information was available,” said UC San Diego Health representatives in response to a request for comment.

“UC San Diego Health worked deliberately, while taking care to provide accurate information, as quickly as it could,” they added, noting that the university arranged for individuals whose data was impacted to receive one year of free credit monitoring and identity theft protection services through IDX.

“In addition to these actions, UC San Diego Health began taking remediation measures to enhance their security controls which have included, among other steps, changing employee credentials, disabling access points, and enhancing security processes and procedures,” said the representatives. “While there are a number of safeguards in place to protect information from unauthorized access, UC San Diego Health is also always working to strengthen them so we can further minimize the risk of this type of threat activity.”

THE LARGER TREND  

The lawsuit is proof that for health systems who are victimized by cyberattacks, the financial fallout can go beyond paying a ransom (something the feds still advise against) or having to halt procedures.  

And UC San Diego Health isn’t alone. Earlier this year, Scripps Health, also in San Diego, faced a handful of suits after a ransomware incident led to a weeks-long network shutdown.  

ON THE RECORD  

Menezes “suffered emotional distress knowing that her highly personal medical and treatment information is now available to criminals to commit blackmail, extortion, medical-related identity theft or fraud, and any number of additional harms against her for the rest of her life,” according to the complaint.

Kat Jercich is senior editor of Healthcare IT News.
Twitter: @kjercich
Email: kjercich@himss.org
Healthcare IT News is a HIMSS Media publication.

Note: This article have been indexed to our site. We do not claim ownership or copyright of any of the content above. To see the article at original source Click Here

Related Posts
New Zealand strengthens tahini controls after outbreak thumbnail

New Zealand strengthens tahini controls after outbreak

Authorities in New Zealand have tightened the import rules around tahini and halva from Syria following a recall and outbreak. An outbreak of Salmonella Kintambo earlier this year involved three patients who had consumed sesame-based products from Syria. Two people were hospitalized. Sequencing of clinical isolates showed cases were closely genetically related and had the same sequence
Read More
Song Young-gil, “Documents for the defense of the mother-in-law, should be held accountable” thumbnail

Song Young-gil, “Documents for the defense of the mother-in-law, should be held accountable”

세계일보 보도 관련 “탄핵소추 사안” 윤석열 전 검찰총장(왼쪽), 장모 최모 씨. 뉴스1, 연합뉴스 국민의힘 윤석열 대선 경선 후보의 검찰총장 재직 시절 대검찰청이 윤 후보 장모인 최모씨의 잔고증명서 위조 사건에 대해 ‘변호 문건’을 생산한 것으로 드러나자 여권에서는 “기가 막힐 일”이라고 윤 후보를 비판했다. 더불어민주당 송영길 대표는 29일 국회에서 열린 최고위원회의에서 “세계일보에서 이번에 윤 후보가 검찰총장 시절에…
Read More
A new study says EATS Act could do a lot of damage, including to food safety thumbnail

A new study says EATS Act could do a lot of damage, including to food safety

When the conservative U.S. Supreme Court said California could put whatever restrictions it wanted on selling meat, it left rural producer states scratching their heads. The Court’s state’s rights philosophy upheld the animal housing requirements of Proposition 12 but left pork producers and the National Farm Bureau wondering what happened. And it left rural America to come
Read More
Index Of News
Total
0
Share