Just as the cyberthreat landscape is evolving, so too are the data breach lawsuits filed in the wake of attacks, says attorney John Yanchunis, who has represented plaintiffs in many of these class action cases. For example, more suits are tied to ransomware attacks and involve efforts to recover related expenses.
Yanchunis is among the attorneys representing physician practices that earlier this year filed a class action lawsuit after a ransomware attack against cloud-based electronic health records vendor Allscripts.
The ongoing lawsuit against Allscripts alleges that the ransomware attack prevented physician practices from accessing their patient schedules, medical records data and billing systems for eight days, Yanchunis says in an interview with Information Security Media Group.
Besides disrupting physicians' ability to provide patient care, the attack prevented doctors from being able to electronically document their patient information as required by Medicare and Medicaid for payment. That episode "caused doctors to incur both additional expenses, as well as lost time," he says.
Yanchunis says he'll soon file another lawsuit representing individuals impacted by a recent ransomware attack on an unnamed retailer.
"This is the second case I filed on the same issue - ransomware, where a cybercriminal is able to lock up a computer affecting consumers. It's caused substantial damage to consumers and businesses that use that as a platform," he says.
As for the potential damage caused to individual victims, the ransomware attack on the retailer "took down a marketplace where businesses and consumers did business, causing financial injury," he says. "Each of the consumers we're representing can show loss of income for the period of time when the ransomware was in place and before it was removed."
Previous Data Breach Suits
By contrast, many lawsuits filed in the wake of earlier data breaches involved the exfiltration and compromise of personal information of individuals who subsequently faced the risk of fraud, identity theft and other cybercrimes. Yanchunis has represented plaintiffs in a few such cases, including litigation in the wake of the 2015 cyberattack on Premera Blue Cross.
In those types of cases, the courts increasingly are taking into consideration whether victims faced extraordinary expenses, such as devoting time to cancelling payment cards, signing up for identity theft protection and other post-breach protection activities, he notes.
In the interview, Yanchunis also discusses:
- Trends related to recent litigation in the wake of data breaches involving mobile health and fitness apps;
- Settlement trends in some data breach cases;
- Advice to consumers about protecting their personal information from potential data breaches.
Yanchunis practices with the law firm Morgan & Morgan's complex litigation group. For more than 20 years, he's represented consumers in privacy rights and data breach cases. Yanchunis has served as lead, co-lead or class counsel in numerous consumer class actions. He also served on the executive committee overseeing the consumer class, bank class and shareholder derivative litigation against Target.