Incident & Breach Response , Legislation & Litigation , Managed Detection & Response (MDR)

Health Data Breaches: The Legal Issues

Attorney Lisa Rivera Discusses Healthcare's Security Challenges
Health Data Breaches: The Legal Issues
Attorney Lisa Rivera of law firm Bass, Berry & Sims

Several pending legal cases involving security issues - including CareFirst's recent petition to the Supreme Court for a review of a class action lawsuit filed against the insurer in the wake of 2014 data breach - showcase the multitude of cybersecurity challenges facing the healthcare sector, says attorney Lisa Rivera.

"The healthcare sector is a huge target for computer hacking and cybercrimes because ... it has very important information on individuals that is very difficult to move forward without," Rivera says in an interview with Information Security Media Group.

Unlike breaches impacting companies in the retail sector, for instance - after which exposed credit card numbers can be changed to help prevent fraud - compromised health data potentially present long-term risks for individuals, she says.

Future Harm

The risk of stolen health data being used surreptitiously by criminals years after a breach is a real concern, she notes.

In class action lawsuits that have been filed against companies in the wake of data breaches, however, U.S. circuit courts have been "split over whether or not it was enough that there was a threat of substantial injury at some time in the future when [injury] had not [yet] occurred," she says.

That's why the CareFirst class action lawsuit -which the insurer has petitioned the Supreme Court to review - is potentially significant, she says.

"This one is going to go up to the Supreme Court ... where they're going to talk about whether a case has presented substantial harm to a victim of a data breach - what is going to be enough in order to proceed in a class action case against that company," she predicts.

In the interview, Rivera also discusses:

  • The significance of the recent $1 billion civil lawsuit against electronic health records vendor eClinicalWorks that was filed in the wake of a $155 false claims case settlement earlier this year;
  • Lessons from the Equifax breach that impacted 143 million individuals;
  • Emerging breach lawsuit trends tied to incidents involving ransomware attacks.

At the law firm Bass, Berry & Sims, Rivera's practice focuses on advising healthcare providers, pharmaceutical manufacturers, medical device companies and other clients on matters related to civil and criminal healthcare fraud and abuse, as well as government investigations and enforcement. Previously, Rivera served for 10 years as an assistant U.S. attorney in the U.S. Attorney's Office for the Middle District of Tennessee, where she was a civil and criminal healthcare fraud coordinator responsible for the intake, review and coordination of all criminal and civil healthcare fraud investigations and claims.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.