San Juan Regional Medical Center. (Courtesy of the center)
FARMINGTON – The San Juan Regional Medical Center was affected by a class action lawsuit for the data breach in 2020. The lawsuit alleges that the hospital negligently handled patients’ personal information, which resulted in the disclosure of health information and other sensitive private information.
The new number of 68,792 people affected by the data breach included in the class action lawsuit is an exponentially higher number than the hospital announced earlier this year.
Plaintiff Jeremy Henderson filed a class action lawsuit against Farmington Hospital on October 7, on behalf of himself and others concerned. The lawsuit is aimed at unspecified claims for damages due to the alleged damage.
The San Juan Regional Medical Center declined to comment on the lawsuit.
The hospital has stressed in the past that there is no evidence that the information has been misused.
Attorney Kristina Martinez from Santa Fe and attorneys from Mason Lietz & Klinger LLP, which has offices in Washington, DC and Chicago, did not respond to an interview request.
The hospital told the Daily Times in June that the data breach had affected more than 500 people.
The lawsuit pertains to 68,792 affected patients.
This number is listed on the United States Department of Health’s Civil Rights Abuse portal.
The San Juan Regional Medical Center didn’t answer a question from the Daily Times about why the number had risen to nearly 69,000.
The 50-page class action lawsuit makes several allegations against the hospital and describes in great detail how unauthorized access to the hospital network has affected tens of thousands of its patients.
According to the lawsuit, Henderson was informed in the September 13 letter of the data breach and the compromise of his private data.
It was a year earlier, on September 7th and 8th, 2020, when the hospital learned that “an unauthorized person” had removed information from its network.
The data breach victims had their names, dates of birth, addresses, email addresses, and phone numbers, as well as social security numbers, financial account numbers, passport numbers, driver’s license numbers, health insurance information and medical information, the lawsuit said.
It was also alleged that letters for people with stolen social security numbers and financial information were not sent until September 13th.
“The plaintiff is bringing this class action lawsuit on behalf of people similarly settled to remedy the defendant’s inadequate protection of the class plaintiffs’ private information they collect and maintain and fail to notify the plaintiff in a timely and appropriate manner,” it said in the lawsuit.
It is also alleged that Henderson and other data subjects have been at significant risk of identity theft and fraud and must closely monitor their medical and financial information to protect themselves.
The lawsuit also accused the San Juan Regional Medical Center of failing to properly implement basic data security practices and of failing to implement safeguards required by the Health Insurance Portability and Accountability Act of 1996 (HIPPA).
Henderson also argues that the identity and fraud surveillance offered by the hospital for up to 12 months does not compensate those affected for the time and harm done.
The complaint alleges that Henderson has seen a significant increase in suspicious fraud and spam phone calls and text messages as a result of the data breach.
Comments are closed.