in Newswire Published on February 24, 2020

Prisma Health-Midlands Failed to Safeguard Patient Information, Provide Timely Notice of Data Breach, Suit Says

by Seth Humeniuk

View Comments

Cochran v. Prisma Health-Midlands

Filed: February 17, 2020 § 3:20-cv-00746-JFA

Read Complaint

A class action suit claims Prisma Health-Midlands failed to adequately safeguard patients’ private health information and provide prompt notice following a data breach.

Defendant(s)

Prisma Health-Midlands

Law(s)

Health Insurance Portability and Accountability Act

State(s)

South Carolina

Categories

Medical/Health Data Breach

A proposed class action lawsuit alleges healthcare provider Prisma Health-Midlands failed to implement adequate security measures to protect patients’ personal and health information from hackers.

In August 2019, Prisma allegedly detected a security breach in which an unauthorized third party gained access to the defendant’s computer systems and network. As a result of the breach, the personal data of approximately 22,000 patients, including Social Security numbers, health insurance information and medical information, was exposed.

According to the complaint, the defendant had a duty under the Health Insurance Portability and Accessibility Act (HIPAA) to protect patients’ information, yet negligently failed to do so. Specifically, the case claims Prisma maintained patients’ protected health information (PHI) in a “reckless manner” and failed to take the following steps, among others, that were necessary to protect patient data:

  • Train all workers effectively on the policies and procedures regarding PHI;
  • Encrypt patients’ PHI;
  • Monitor systems for existing intrusions; and
  • Implement policies and procedures to prevent, detect or correct security violations.

The lawsuit claims Prisma could have discovered the breach sooner had the company properly monitored its computer networks and systems. The defendant also put patients at increased risk of harm by waiting until October 2019 to inform those affected by the data breach, the complaint says. As a result of the defendant’s negligence, the suit contends, Prisma patients have been put at a “heightened and imminent risk of fraud and identity theft,” and must closely monitor their accounts and take active measures, such as freezing credit or purchasing credit monitoring services, to prevent fraud.

The case claims this is the third privacy breach Prisma has suffered in 2019. A phishing attack in April compromised several email accounts and exposed the PHI of 23,811 patients, while a physician’s notebook containing the information of up to 2,770 patients was stolen in July.

The lawsuit looks to represent everyone who used Prisma’s services and whose PHI was maintained on the defendant’s system and later compromised in the data breach discovered in August 2019.

Case Spotlight

Hair Relaxer Lawsuits

Women who developed ovarian or uterine cancer after using hair relaxers such as Dark & Lovely and Motions may now have an opportunity to take legal action.

Read more here: Hair Relaxer Cancer Lawsuits

How Do I Join a Class Action Lawsuit?

Did you know there's usually nothing you need to do to join, sign up for, or add your name to new class action lawsuits when they're initially filed?

Read more here: How Do I Join a Class Action Lawsuit?

ClassAction.org Newsletter

Stay Current

Sign Up For
Our Newsletter

New cases and investigations, settlement deadlines, and news straight to your inbox.

This browser does not support PDFs. Please download the PDF to view it: Download PDF.
Open Document
Last Updated on February 24, 2020 — 1:12 PM

Seth Humeniuk

Seth Humeniuk is the Junior Content Writer for ClassAction.org.

About ClassAction.org

ClassAction.org is a group of online professionals (designers, developers and writers) with years of experience in the legal industry.

Learn More

Before commenting, please review our comment policy.