Tampa, Florida-based Florida Orthopaedic Institute has agreed to pay patients $4 million for a 2020 data breach.
The Price of a Data Breach
Florida Orthopaedic Institute is the largest orthopedic group in Florida. In April 2020, Florida Orthopaedic Institute detected a ransomware attack. After a third-party forensic investigation, Florida Orthopaedic Institute learned that protected health information may have been exposed or stolen during the attack.
In June 2020, the Florida Orthopaedic Institute informed 640,000 patients about the data breach. For OTW’s original coverage of the ransomware attack, see “Florida Orthopaedic Institute Victim of Ransomware Attack.”
Shortly after the data breach notification went out, a lawsuit was filed in the U.S. District Court for the Middle District of Florida. Per filings, it alleged that Florida Orthopaedic Institute was “lackadaisical, cavalier, reckless, or in the very least, negligent” with respect to patient privacy. The lawsuit included a number of other allegations as well.
Florida Orthopaedic Institute has not admitted any wrongdoing. However, to resolve the claims, Florida Orthopaedic Institute agreed to pay $4 million. Per the proposed settlement, patients who were notified about the data breach can submit a claim for a cash payment of up to $15,000 for out-of-pocket losses as well as for other reimbursements and services.
Florida Orthopaedic Institute isn’t the first hospital or clinic that has had to pay for cyber-attacks. Over the past few years, OTW has been documenting lawsuits against providers over data breaches. For OTW’s previous coverage of cyber-attacks that have cost clinics, see “Victims Can Sue Ortho Clinics if Data Hacked,” “Banner Health Agrees to Pay $6 Million for Data Breach,” and “Four Patients Sue DCH Health System After Ransomware Attack.”
Healthcare data breaches of 500 or more records are reported to the Department of Health and Human Services. There are 884 data breaches from the past 24 months that the Office for Civil Rights is currently investigating. What will these data breaches cost providers?

Discussion
This is a fascinating development. In my practice we've seen similar outcomes with the revised protocol. The key differentiator seems to be patient selection criteria. Has anyone else noticed the correlation with BMI thresholds?
Great point. I'd push back slightly on the conclusion; the sample size in the cited study is too small to draw population-level inferences. That said, the directional signal is compelling and worth a larger RCT.
We implemented a similar approach last year. Early results are promising but we're still gathering 12-month follow-up data. Happy to share our protocol if anyone is interested.