Cyber Liability Claims within Health Care Industry

Mar 7, 2013

Scenario #1

NATURE OF LOSS:

24,000 patient records compromised at a mid-sized hospital

State regulations requirements were triggered

The hospital was required to notify every patient of the breach via Certified Mail

Damages: $240,000

Defense Costs: 42,500

TOTAL AMOUNT PAID: $282,500

Scenario #2

NATURE OF LOSS:

UCSF Medical Center fundraiser instigated a privacy breach

6300 patient names were inadvertently posted on the Internet

Hospitals and other healthcare organization fundraisers widely used patient information, without patients’ explicit permission

Damages:

$126,000

Defense Costs:

$15,000

TOTAL AMOUNT PAID: $141,000

Scenario #3

NATURE OF LOSS:

An Illinois Hospital was hit with a Medical Identity theft lawsuit

A pregnant addict breached another patient’s electronic medical records, compromising her medical identity.

The “thief” delivered a baby testing positive for illegal drugs

Social workers tried to take away the victim’s four children, thinking she was the addict

The patient/victim was forced to hire a lawyer to keep her family

Damages:

$1.2 mill

Defense Costs:

$80,000

TOTAL $1,280,000

Scenario #4

NATURE OF LOSS:

A pharmacy sold a computer to a private individual that still contained prescription records including the names, addresses, and social security numbers and medication lists of pharmacy customers

State law regulations required certified notification to all of the affected parties

Two lawsuits were filed:

Plaintiff alleged damages due to job loss as a result of the disclosure

Plaintiff alleged her identity was stolen and sued to recover costs of correction and emotional distress

A HIPPA investigation was triggered

Total amount paid in excess of $410,000

Scenario #5

NATURE OF LOSS:

A part-time hospital employee gained unauthorized access to confidential electronic patient records

The employee confided a patient’s HIV status to co-workers

The patient sued the hospital for lack of adequate IT security measures which should have protected the patient’s digital records from being breached

Damages: $250,000

Defense Costs: $85,000

Total $335,000

Scenario #6

NATURE OF LOSS:

A woman was treated at a religiously-affiliated medical center following complications of an abortion at a women’s health clinic

Anti-abortion activists posted the medical records and photo of the woman on the Internet, without her knowledge of consent

The woman sued the hospital alleging that it exposed her by releasing her identity and medical records

Total amount paid in excess of $500,000