Cyberbreach Lawsuit Does Not Prevail, Despite Massive Breach

Personal information on about a half million patients may have been compromised when a computer was stolen from a southern California hospital in 2011. The hospital was then targeted with a class action lawsuit seeking damages of $1,000 per patient, which comes to about $500,000. Now a California appeals court has ruled in favor of the defendant, which it said did not violate the state’s medical privacy statute. The lost information consisted of name, medical record number, age, date of birth and the last four digits of social security number, but not health information, and it was password protected, although not encrypted. The judge writing for the panel said that it’s clear “from the plain meaning of the statute that medical information cannot mean just any patient-related information held by a health care provider.”