On Wednesday a class action was filed in the District of Montana against Logan Health, regarding Health Insurance Portability and Accountability Act (HIPAA) data provisions after a data breach.
HIPAA contains provisions providing minimum standards for protection of personally identifiable information (PII) for patients as well as penalties for failure to protect that information. Logan Health is a medical center and collects patients for several legitimate purposes including billing, medical records, and other business purposes. However, the plaintiff accuses the defendant of not taking sufficient action to prevent the theft of this information by a malicious actor.
The plaintiff notes that this data breach in 2021 was the latest in a series of breaches reported by this defendant, and even in the face of previous breaches, plaintiff argues that the defendant did not take new or sufficient actions such as training, security protocols, or further infrastructure protections to prevent further breaches.
Plaintiff is suing as a class with other patients affected by the breach for negligence, invasion of privacy, breach of implied contract, breach of the Montana consumer protection laws, and unjust enrichment. The plaintiff is represented by Heenan & Cook.