Christus Spohn Health System Corporation is part of the Christus Health System and runs two hospitals in Corpus Christi, Texas. Unfortunately, the complaint for this class action alleges that Christus Spohn was the target of a cyberattack between April 9 and May 4, 2022 that exposed personally identifiable information (PII) and protected health information (PHI). The complaint alleges that the company bears responsibility because it did not take adequate measures to prevent this data breach.
The class for this action is all citizens of Texas whose PII and PHI were kept on Christus Spohn’s servers that were compromised in the data breach.
The complaint quotes Christus Spohn’s privacy policies as saying, “Christus Health understands how important your personal medical information is to you. We protect the privacy of your health information because it is the right thing to do” and “We understand that your health information is personal and we are committed to protecting your privacy.”
Despite this, the complaint alleges that Christus Spohn only discovered on May 4, 2022 that an unauthorized third party had invaded its systems and obtained files containing PII and PHI that included such things as names, dates of birth, Social Security numbers, medical record numbers, health insurance information, and possibly some clinical data.
According to the complaint, Christus Spohn issued a press release and began notifying patients on July 17, but only began sending notice letters to the rest of the patients on November 11, 2022. The complaint alleges that Christus Spohn did not explain why it failed to detect the intrusion into its systems until nearly a month after it started or why it had not told patients about the exposure of their information before then.
The complaint asserts the Christus Spohn “failed to prevent the Data Breach because it did not adhere to commonly accepted security standards and failed to detect that its databases were subject to a security breach.”
“There are long-term consequences to data breach victims” when their Social Security numbers are stolen and used by cybercriminals, the complaint alleges. The theft of the Social Security numbers of minors is an even more serious situation, it claims, because children’s credit files are a “blank slate” without any negative information.
The complaint lists commonly-accepted security standards for companies, Federal Trade Commission (FTC) security standards for businesses, and standards related to the Health Insurance Portability and Accountability Act (HIPAA). It then implies or alleges that Christus Spohn did not meet these standards in its maintaining of patient PII and PHI.
Article Type: LawsuitTopic: Privacy
Most Recent Case Event
Christus Spohn Health System Data Breach Texas Complaint
February 10, 2023
Christus Spohn Health System Corporation is part of the Christus Health System and runs two hospitals in Corpus Christi, Texas. Unfortunately, the complaint for this class action alleges that Christus Spohn was the target of a cyberattack between April 9 and May 4, 2022 that exposed personally identifiable information (PII) and protected health information (PHI). The complaint alleges that the company bears responsibility because it did not take adequate measures to prevent this data breach.
Christus Spohn Health System Data Breach ComplaintCase Event History
Christus Spohn Health System Data Breach Texas Complaint
February 10, 2023
Christus Spohn Health System Corporation is part of the Christus Health System and runs two hospitals in Corpus Christi, Texas. Unfortunately, the complaint for this class action alleges that Christus Spohn was the target of a cyberattack between April 9 and May 4, 2022 that exposed personally identifiable information (PII) and protected health information (PHI). The complaint alleges that the company bears responsibility because it did not take adequate measures to prevent this data breach.
Christus Spohn Health System Data Breach Complaint