Health-care patients have filed nearly a dozen proposed class actions following the largest medical information cyberattack reported so far this year, forecasting the legal stakes for providers when hackers target such sensitive data, Bloomberg reports.
Regal Medical Group disclosed last month that over 3.3 million patients had their personal and health information exposed in a December 2022 ransomware cyberattack. The US Department of Health and Human Services says the breach is currently the biggest reported to it in 2023. The agency’s Office for Civil Rights is also investigating it.
At least 11 lawsuits, all in California, were filed in the three weeks following Regal’s February disclosure, according to a Bloomberg Law analysis of court dockets. They seek monetary damages ranging between $100 and $3,000 per class member, and several want Regal and its affiliates to ensure they will prevent similar incidents from happening again.
The litigation comes amid other recent, high-profile health breaches. Last week, hundreds of congressional members staffers who use DC Health Link insurance potentially had their data exposed in a breach. Earlier this month, digital mental health care provider Cerebral reported inadvertently sharing the data of nearly 3.2 million people through advertising tracking technology with third parties, including Meta Platforms and Alphabet Google. Read more.
