Family Health Center Sued for HIPAA Violations After Cyberattack


On Monday, a class action was filed in the Southern District of Alabama on behalf of a class of patients who were treated by the Coastal Family Health Center and whose Personal Health Information (PHI) was purportedly accessed during a data breach, in violation of the Health Insurance Portability and Accountability Act (HIPAA).

The complaint explained that among the many provisions of HIPAA is a requirement that PHI obtained by medical providers for treatment or billing must be kept confidential. This requirement includes ethical obligations for the providers as well as technical obligations for the use and storage of the data. The plaintiffs allege that the Coastal Family Health Center stored this information in a reckless manner that left it vulnerable to cyberattack.

After a third party introduced ransomware to the network, the plaintiffs’ private information, including names, Social Security numbers, and other private information, was taken. This allegedly subjected the plaintiffs to identity theft and other criminal activities.

The plaintiffs are suing for negligence, breach of implied contract, invasion of privacy, unjust enrichment, breach of confidence, breach of fiduciary duty, violation of the Alabama Deceptive Trade Practices Act, and violation of the Mississippi Consumer Protection Act.

The plaintiffs are represented by Mason Lietz & Klinger.