Law firm Morgan & Morgan has filed a class-action lawsuit against Tampa General Hospital on behalf of three victims affected by a significant data breach. Between May 12th and May 30th, 2023, cybercriminals infiltrated the hospital’s computer system, resulting in the theft of data belonging to approximately 1.2 million patients.
Details of the Data Breach
During the specified timeframe, malicious actors managed to breach Tampa General Hospital’s computer system. As a result, highly sensitive information was exposed, including names, addresses, phone numbers, dates of birth, Social Security numbers, and select Health Insurance Portability and Accountability Act (HIPAA)-protected medical records. This data breach has left patients vulnerable to identity theft and other potential harm.
Allegations against Tampa General Hospital
The plaintiffs argue that Tampa General Hospital not only failed to adequately secure their personal and medical data but also aggravated the situation by delaying the notification of victims until July 19th — over two months after the initial breach. This delay may have allowed the cyber criminals to exploit the stolen information further, potentially causing irreparable damage to the affected patients.
Timeline of Awareness
According to the lawsuit, Tampa General Hospital was unaware of the breach until May 31st, which gave the hackers nearly three weeks to extract information undetected. This raises concerns regarding the hospital’s cybersecurity measures and its ability to promptly detect and respond to such attacks.
Plaintiffs and their Claims
The class-action lawsuit includes three plaintiffs who have chosen to remain anonymous to protect their identities. Among the plaintiffs is an individual who has already fallen victim to identity theft following the breach, highlighting the real-world consequences of the hospital’s failure to safeguard patient data. Notably, one of the plaintiffs is a retired FBI agent, further underscoring the severity of the breach and the need for immediate action.
Objectives of the Lawsuit
Alongside seeking justice and accountability for the violated patients, the lawsuit aims to compel Tampa General Hospital to take additional steps to safeguard patient privacy, particularly in light of the current cyberattack landscape. The privacy breach has caused significant distress and psychological harm to the victims, and it is essential for the hospital to address these concerns adequately.
Allegations and Relief Sought
The class-action lawsuit includes allegations of invasion of privacy, unjust enrichment, breach of confidence, and breach of fiduciary duty against Tampa General Hospital. The plaintiffs are seeking relief in the form of monetary damages, restitution for the victims, injunctive relief to ensure improved data security practices, and the appointment of class representatives to advocate for the affected patients’ interests.
Comment from Tampa General Hospital
Tampa General Hospital has been contacted for comment regarding the lawsuit, but has not responded at the time of writing. It remains to be seen how the hospital will address the allegations and what steps it will take to rectify the data breach and prevent future incidents.
The class-action lawsuit against Tampa General Hospital represents an important step towards holding the healthcare institution accountable for its failure to adequately protect patient data. The breach has not only exposed sensitive information but has also violated patients’ privacy and caused psychological distress. It is crucial that hospital organizations prioritize robust cybersecurity measures and promptly notify affected individuals to minimize the potential harm arising from data breaches. Only with strong accountability and improved privacy protections can patients regain their peace of mind and trust in the healthcare system.