fbpx

Broward Health Patient and Employee PII, PHI Data Breach Class Action

North Broward Hospital District, a healthcare system with more than thirty locations in Broward County, Florida, does business under the name Broward Health. In October 2021, it was the target of a data breach. The complaint for this class action alleges that the data breach is at least partly the responsibility of Broward Health, which it says “failed to implement reasonable security procedures and practices, failed to disclose material facts surrounding its deficient data security protocols, and failed to timely notify the victims of the Data Breach.”

The class for this action is all individuals whose personal information was compromised in the data breach.

Broward Health collects and stores both personally identifiable information (PII) and protected health information (PHI). The complaint quotes Broward as saying it “will abide by the most stringent of the regulations as they pertain to Protected Health Information, including obtaining your prior written authorization, as required, before any such information is disclosed to a third party.”

As part of its Code of Conduct, the complaint claims, Broward promises to “maintain[] the confidentiality of patient and other information in accordance with legal and ethical standards, and breaches will not be tolerated.”

The data breach took place October15-19, 2021, the complaint alleges, but Broward did not announce it until January 1, 2022.

The complaint quotes Broward Health as saying that its investigation showed that “the intrusion occurred through the office of a third-party medical provider who is permitted access to the system to provide healthcare services.”

According to the complaint, the information exposed in the data breach includes names, dates of birth, addresses, financial and bank account information, Social Security numbers, driver’s license numbers, insurance information, and medical information, among other things. Broward’s disclosure to the office of the Maine attorney general revealed that the data breach affected more than 1,357,000 people.

Broward has announced that it is taking certain steps to prevent a data breach from happening again, but the complaint alleges that “these ‘steps’ are industry-standard measures that should have been implemented long before the Data Breach occurred. This is especially true given that the healthcare industry is frequently one of the most targeted sectors for cyberattacks and attacks using stolen credentials have increased precipitously over the last several years.”

The complaint also asserts, “Despite its prominent stature, Broward Health has been charged with numerous acts of corruption that call into question its commitment to and investment in patient care.” The complaint details some of these, notes that Broward had to pay large amounts in settlements and fines, but says it “neglected to make corresponding investments in data security to ensure the millions of patient and employee files in its possession were securely stored.”

Article Type: Lawsuit
Topic: Privacy

Most Recent Case Event

Broward Health Patient and Employee PII, PHI Data Breach Complaint

February 25, 2022

North Broward Hospital District, a healthcare system with more than thirty locations in Broward County, Florida, does business under the name Broward Health. In October 2021, it was the target of a data breach. The complaint for this class action alleges that the data breach is at least partly the responsibility of Broward Health, which it says “failed to implement reasonable security procedures and practices, failed to disclose material facts surrounding its deficient data security protocols, and failed to timely notify the victims of the Data Breach.”

Broward Health Patient and Employee PII, PHI Data Breach Complaint

Case Event History

Broward Health Patient and Employee PII, PHI Data Breach Complaint

February 25, 2022

North Broward Hospital District, a healthcare system with more than thirty locations in Broward County, Florida, does business under the name Broward Health. In October 2021, it was the target of a data breach. The complaint for this class action alleges that the data breach is at least partly the responsibility of Broward Health, which it says “failed to implement reasonable security procedures and practices, failed to disclose material facts surrounding its deficient data security protocols, and failed to timely notify the victims of the Data Breach.”

Broward Health Patient and Employee PII, PHI Data Breach Complaint
Tags: Exposing Private Information, Exposure to cyber crime, Your Privacy