Personal Identifying Information Involving 1.2 Million Patients Is At Risk For Identity Theft
A class-action lawsuit was recently filed against Dallas-based Tenet Healthcare and its affiliate, San Antonio, Texas-based Baptist Health System, over an April data breach that has affected 1.2 million patients.
The lawsuit, filed in Dallas County, alleges that the health companies were negligent in protecting patient’s health information and failed to properly notify patients of the data breach, according to the report.
Healthcare Providers’ Failure to Adequately Protect Patient Data Lead To Breach
According to the lawsuit,Tenet Healthcare and its subsidiary Baptist Health System did not follow industry standards to protect patients’ data, including providing sufficient employee education, implementing multilayer security systems and installing malware detection software common among health care providers.
The companies also failed to meet minimum cybersecurity standards set by multiple organizations and did not have data security practices that aligned with Federal Trade Commission guidelines, the lawsuit alleges.
Tenet’s Response To the Data Breach
The lawsuit notes that while the companies offered the affected patients fraud and identity monitoring services, it’s unclear how long that offer will last. The lawsuit says affected patients will probably have to pay for credit-monitoring services and other protective measures.
Tenet Health and Baptist Health System learned about the data breach on April 20 and that the plaintiff wasn’t notified until June 17, according to the lawsuit.
In an April 26 news release, Tenet said it launched an investigation of the breach “immediately” after learning of it, according to the report.
The protected health information of patients, including Social Security numbers, names, dates of birth, health insurance information, medical information, addresses, and billings and claims information were compromised in the breach.