Do you know who pays for a data breach?
Who Pays for a Data Breach?

Your first response may of course be the individuals who have had their data exposed. Those individuals pay with the time, stress, and potential risks associated with their data being exposed as well as the costs to monitor their personal information.
However, orthopedic practices and hospitals may also have to pay, especially if the organizations are sued by the individuals who had their data exposed.
Northeast Orthopedics and Sports Medicine, PLLC is facing such legal action. The proposed class action comes in response to the November 2023 cyberattack that exposed the personal data of approximately 177,276 individuals.
The lawsuit claims that Northeast Orthopedics failed to protect the personal data of the individuals who had their information exposed during the cyberattack. In the lawsuit, it is alleged that the orthopedic practice failed “to properly secure and safeguard the personally identifiable information that it collected and maintained as part of its regular business practices, including, but not limited to, names, Social Security numbers, driver’s license information, payment information, and dates of birth (‘personally identifying information’ or ‘PII’) and medical and health insurance information….”
This is not the first class action to be filed against an organization after a data breach. OTW has covered a number of these lawsuits. For OTW’s previous coverage of organizations paying for data breaches, see “Bienville Orthopaedic Specialists Sued Over Data Breach,” “The Price of a Data Breach,” “Banner Health Agrees to Pay $6 Million for Data Breach,” and “Victims Can Sue Ortho Clinics if Data Hacked.”
Patients and other individuals have found that they can sue after their data is exposed, and if the lawsuit is successful, the organizations have to pay. Do these continuing lawsuits indicate a growing trend? If so, orthopedic practices and hospitals may need to worry not only about cyberattacks but also about the threat of litigation that follows them.

Discussion
This is a fascinating development. In my practice we've seen similar outcomes with the revised protocol. The key differentiator seems to be patient selection criteria. Has anyone else noticed the correlation with BMI thresholds?
Great point. I'd push back slightly on the conclusion, the sample size in the cited study is too small to draw population-level inferences. That said, the directional signal is compelling and worth a larger RCT.
We implemented a similar approach last year. Early results are promising but we're still gathering 12-month follow-up data. Happy to share our protocol if anyone is interested.