Personal records and insurance information on 18,000 North Shore-Long Island Jewish Health System patients were compromised by a data breach that occurred last year in Texas but went undisclosed for many months, and now Weitz & Luxenberg P.C. is considering filing negligence, economic injury and failure-to-warn claims against Dallas-based Global Care Delivery, the law firm today announced.
The patients affected by this data breach may have legal rights to compensation from Global Care Delivery.
For example, if leaked confidential records end up in the hands of identity thieves, Global Care Delivery could be liable for unauthorized credit purchases billed to the patients.
Global Care Delivery would likely be ordered by a court to pay the victimized patients an amount equal to that of the unauthorized purchases, the firm explained.
There would be grounds as well for other damages and additional compensation.
W&L is currently meeting with victimized North Shore-Long Island Jewish Health System patients to explore their rights to recovery from Global Care Delivery.
Patients whose confidential information was compromised in this data breach may contact W&L for a no-cost, no-obligation evaluation of their legal rights. Patients may arrange for this evaluation by calling (212) 558-5786 or by submitting an online form or starting an online chat.
Five Stolen Laptops Held North Shore’s Data
The data breach was discovered to have taken place sometime around Sept. 2, 2014, but victimized patients were unaware of it until after North Shore-Long Island Jewish Health System was notified in May 2015, according to Long Island Newsday.
The confidential patient information was compromised when five laptop computers were stolen from the offices of Global Care Delivery, Newsday reported.
Global Care Delivery had possession of the patient data because the company was under contract to North Shore-Long Island Jewish Health System for the processing and collection of insurance payments, Newsday said.
According to Newsday, the data contained in the stolen lap tops included patient names, addresses and Social Security numbers, but no credit card account information or other financial secrets.
“Even though credit card information was allegedly absent from the compromised records, the other information contained within the stolen laptops would have provided identity thieves with enough confidential and private details to perpetrate fraudulent credit transactions in the victims’ names,” said Robin L. Greenwald, who heads the W&L’s Environmental, Toxic Tort & Consumer Protection litigation unit.
To access the data contained on the stolen laptops, identity thieves would first have to crack the system passwords designed to thwart prying by unauthorized eyes, Newsday reported.
However, “unless the passwords were very strong, experienced hackers would likely have little difficulty breaking them,” said W&L associate attorney James Bilsborrow, also of the Environmental, Toxic Tort & Consumer Protection litigation unit.
Were the passwords cracked and the laptops’ contents laid bare, the hackers would find the data awaiting them to be unencrypted, meaning they would encounter no obstacle to harvesting and exploiting the information, Newsday said.
Identity Thieves May Have North Shore Patient Data
Newsday notes that Global Care Delivery did not delay calling police to report the theft of the laptops — which remain missing — but waited until May 11, 2015, to notify North Shore-Long Island Jewish Health System, which in turn informed patients by mail.
Bilsborrow said that, considering the number of patients affected by the data breach, it is possible that individual victims could suffer financial harm running into the thousands or tens of thousands of dollars each.
Added Greenwald, “One source of loss would be money spent on the credit-protection services victims might choose to sign up for in order to protect themselves against criminal misuse of the stolen records.”
“It is very fortunate that these data-breach victims can turn to the law for help,” she said. “Just because a company was careless with confidential data is no reason that the patients and their families should have to suffer.”