Plaintiffs Holding Hospital’s Feet to the Fire Over Data Breach

Dothan, ALA data breach stemming from online commerce is concerning enough, given the growth of e-commerce. With more and more retailers encouraging purchases online, the potential for further data breaches looms, akin to the massive data breach last year involving Target.

But there are other disconcerting data breaches, such as personal information and patient records increasingly digitized and stored electronically at hospitals. To that end, Flowers Hospital, located in Dothan, Alabama, has been hit with a class-action data breach lawsuit.

According to a report by WTVY in Dothan, Flowers Hospital sent a letter to an undisclosed number of patients this past spring, noting that a potential data breach may have put the patients’ personal information at risk.

The letter, dated April 15, 2014, acknowledged that a former employee at the hospital - whose employment with Flowers had since been terminated - was believed to be the culprit at the center of the alleged data breach. The WTVY report identified the employee as Kamarian Millender, who was reportedly arrested not long after and charged with trafficking in stolen IDs.

According to reports, the data breach at the hospital spanned an eight-month period from June 2013 through February of this year. The data breach class-action lawsuit was filed three weeks after Flowers Hospital issued the letter to patients. Lead plaintiff Bradley S. Smith accused the hospital of having a flagrant disregard for the privacy rights of the co-plaintiffs, and by failing to safeguard their personal information.

The data breach class action further alleges that the hospital’s failure to keep personal records and information secure was in violation of the Fair Credit Reporting Act, further subjecting the plaintiffs to increased risk for identity theft and medical fraud.

For its part the hospital doesn’t buy the plaintiff’s arguments, and earlier this month attempted to have the lawsuit dismissed. In the defendant’s view, increased likelihood of identity theft going forward was insufficient grounds to confer standing on the plaintiffs. The hospital cited a 2013 US Supreme Court ruling, Clapper v. Amnesty International USA, as the basis for its position.

Plaintiffs, however, are confident in their case. It was reported that four of the five named plaintiffs claimed that an unidentified third party had used their Social Security numbers to file false tax returns. Flowers Hospital asserts that the crime of filing a false tax return is insufficient to link the crime to a financial loss.

However, the plaintiffs are pressing forward. Millender, according to reports, had accessed and copied a trove of data including, but not limited to, names, addresses, health insurance information and Social Security numbers. Flowers Hospital had agreed to provide affected patients with free credit monitoring, but that wasn’t good enough for the plaintiffs, who feel the breach should not have happened in the first place.

Attorneys for the plaintiffs assert in excess of 1,000 patients may have been affected by the data breach.

The case is Smith et al. v. Triad of Alabama LLC d/b/a Flowers Hospital; Case No. 1:14-cv-00324, in the US District Court for the Middle District of Alabama.