North Broward Hospital District does business as Broward Health, a healthcare system with some thirty or more locations in Florida, around 1,700 physicians, and more than 8,000 employees. The complaint for this class action alleges that Broward Health failed to properly safeguard the personally identifiable information (PII) and protected health information (PHI) of patients and employees, leading to a data breach on or around October 15, 2021.
The class for this action is all individuals whose PII and/or PHI was accessed or exfiltrated during the data incident in the website notice.
The “data incident” began when an intruder gained access to the system on or around October 15, 2021. According to the complaint, Broward found the intrusion on October 19, but the intruder had already exfiltrated information related to more than 1,357,000 people by then.
The complaint quotes the company’s Website Notice about the data breach as saying, “The investigation determined the intrusion occurred through the office of a third-party medical provider who is permitted access to the system to provide healthcare services.”
Among the information exposed, the complaint claims, were names, dates of birth, financial or bank account information, Social Security numbers, insurance information, driver’s license numbers, and medical diagnosis and treatment information.
Broward Health posts a Notice of Privacy Practice for Protected Health Information on its website which the complaint quotes as stating that “Broward Health is required by law to satisfy the following duties: Maintain the privacy of protected health information…” The complaint quotes its Patient Bills of Right as saying, among other things, that patients have the right “[t]o expect all communications, and other records pertaining to your care … to be treated as confidential.”
The complaint alleges that Broward should have done a number of things before the data breach:
- It should have encrypted or tokenized the PII and PHI.
- It should have deleted PII and PHI that it did not need to keep on file.
- It should have closed access to the PII and PHI from the Internet where it was not justified.
- It should have reviewed and improved the security of its systems that contain PII and PHI.
The complaint alleges that Broward did not do these things in order to avoid the exposure of patient and employee information.
The complaint alleges that “[b]y obtaining, collecting, using, and deriving a benefit from” employees and patients’ PII and PHI, Broward Health assumes legal and other duties to those individuals to protect their information.
Article Type: LawsuitTopic: Privacy
Most Recent Case Event
Broward Health Theft of Patient and Employee PII, PHI Complaint
March 11, 2022
North Broward Hospital District does business as Broward Health, a healthcare system with some thirty or more locations in Florida, around 1,700 physicians, and more than 8,000 employees. The complaint for this class action alleges that Broward Health failed to properly safeguard the personally identifiable information (PII) and protected health information (PHI) of patients and employees, leading to a data breach on or around October 15, 2021.
Broward Health Theft of Patient and Employee PII, PHI ComplaintCase Event History
Broward Health Theft of Patient and Employee PII, PHI Complaint
March 11, 2022
North Broward Hospital District does business as Broward Health, a healthcare system with some thirty or more locations in Florida, around 1,700 physicians, and more than 8,000 employees. The complaint for this class action alleges that Broward Health failed to properly safeguard the personally identifiable information (PII) and protected health information (PHI) of patients and employees, leading to a data breach on or around October 15, 2021.
Broward Health Theft of Patient and Employee PII, PHI Complaint