Einstein Healthcare Data Breach Class Action Lawsuit
After an August 2020 hack of several employee email accounts, Einstein Healthcare is facing a class action data breach lawsuit, with claims that the health system failed to properly secure and safeguard the health information of tens of thousands of patients.
Einstein notified the public of the data breach in January 2020, almost six months after the incident. According to the Department of Health and Human Services, the Einstein data breach compromised the personal information of over 350,000 patients.
From between August 5 and August 17, 2020, personal data was exposed, including:
- Dates of birth
- Medical records or patient information
- Clinical data, such as diagnoses
- Locations of service
- Health provider names
- Social security numbers
Plaintiffs in the Einstein Healthcare data breach class action allege that Einstein failed to provide timely, accurate, and adequate notice to data breach victims and patients who had their data compromised. The complaint states that Einstein failed to comply with industry standards to protect its network.
Lawyers involved in the case described the tardy notification as “woefully deficient, failing to provide basic details concerning the data breach, including, but not limited to, why sensitive patient information was stored within employee emails which were clearly stored on systems without adequate security, the deficiencies in the security systems that permitted unauthorized access, whether the stolen data was encrypted or otherwise protected, and whether Einstein knows if the data has not been further disseminated.”
The five-month lag in reporting the hack puts Einstein Health Network in possible violation of the Health and Human Services HIPPA Breach Notification Rule, which mandates affected individuals be notified no later than 60 days following the discovery of a breach. The disclosure is meant to include a description of the breach, list the various information involved in the breach, and the steps affected individuals should take to protect themselves.
Individuals affected by the Einstein Healthcare data breach face an increased risk of identity theft, and will be forced to spend time and money to further protect themselves. Einstein has thus only provided identity protection services to patients whose social security numbers were compromised, and has yet to disclose full details of the data breach.
Healthcare data breach lawsuits are on the rise, with several high profile class actions filed each month. Settlements can go a long way to help victims get back on track, and put serious security threats behind them.