The plaintiff’s attorneys also cite training deficiencies that were violations of both HIPAA and Federal Trade Commission regulations. The lawsuit alleges that security awareness training was not provided at defined intervals, and that training did not address different levels of knowledge about technology and cybersecurity.
The data breach lawsuit claims Quest Diagnostics and ReproSource committed negligence, breach of contract, breach of implied contract, and breach of fiduciary duty, and seeks class-action status. The lawsuit claims patients affected by the breach are at elevated risk of identity theft and fraud, and that they have had to spend time protecting themselves against these risks.
The plaintiffs are seeking actual, compensatory, punitive, and statutory damages, as well as attorneys’ fees. They also ask that ReproSource enhance its security systems and return wrongfully retained revenue. In addition, the lawsuit seeks at least three years of credit monitoring services for the plaintiff and class members. ReproSource only offered 12 months of credit monitoring services to affected individuals.
Takeaways from the Data Breach Lawsuit
As ransomware attacks and other cybercrimes continue to grow at an exponential pace, it’s likely lawsuits like the Quest data breach lawsuit will increase as well. Achieving and maintaining HIPAA compliance is now more important than ever.
If your organization is not HIPAA compliant, any violations uncovered during an HHS Office for Civil Rights investigation leave you exposed to serious fines. A finding of non-compliance by government investigators would not be helpful if you’re facing a suit like the Quest data breach lawsuit.
Have you done all you can to make your organization HIPAA compliant? Are there gaps hiding in your HIPAA compliance plan? If you have questions, Compliancy Group has answers. Our solution closes gaps, builds confidence, and addresses the full extent of the 1,000-plus pages of HIPAA regulations.