Home Breaking News Lawsuit filed over data breach at hospital

Lawsuit filed over data breach at hospital


By John Balch

News-Leader staff

Just weeks after announcing a data breach, Howard Memorial Hospital and its insurance carrier have been hit with a class action complaint filed Jan. 12 in Howard County Circuit Court.

The lawsuit was filed for plaintiffs Bonita Martin, Bill Roberts and Pamela Garza on their behalf “and all others similarly situated” by attorney Randall K. Pulliam of Carney Bates & Pulliam, LLC in Little Rock; and Gary F. Lynch of Lynch Carpenter, LLP, of Pittsburgh, Pa.

The complaint states the three listed plaintiffs were HMH patients during the timeframe of Nov. 14, 2022, through Dec. 3, 2022, when the data breach at the hospital occurred.

HMH posted notice on its website and social media on Dec. 29, 2022 that personal identifying information (PII) and personal health information (PHI) had been accessed by an unauthorized third-party and that the incident was under investigation. The breach affected both patient and employee personal information.

The complaint does not state that any of the plaintiffs’ personal information had been compromised, but includes the following statement: “As a direct and primary result of Howard Memorial’s failure to implement and follow basic security procedures, Plaintiffs’ and Class Members’ PII and PHI is now in the hands of cybercriminals.”

Each plaintiff’s entry in the complaint lists includes the exact same information that as a result of the breach they are now required to spend their valuable time monitoring various accounts in an effort to “detect and prevent any misuses” of their PII and PHI. They all claim they will continue to be at “heightened and certainly impending risk for fraud and identity theft, and their attendant damages for years to come.”

HMH’s insurance carrier, which is listed as defendant “John Doe Insurance Carrier,” will become the focus of the complaint if the county-owned hospital is found to be immune from such legal claims.

The complaint’s class allegations state the plaintiffs are seeking to represent people whose PII and/or PHI was compromised in the breach and that they have been informed the number could be in the hundreds.

Plaintiffs are asking the court to also issue a prospective injunctive relief requiring HMH to “employ adequate security protocols consistent with law and industry standards to protect patients’ PH and PHI.” If that does not happen, the complaint contends the plaintiffs will suffer irreparable injury and then lack a legal remedy if another breach occurs.

With the exception of legal fees, there is no monetary request with only “damages in an amount to be determined by the trier of fact.”