$16 million class-action lawsuit filed over UCLA Health System data breach

Last month, UCLA Health System notified 16,288 patients that their personal information was compromised when a hard drive was stolen during a burglary of an employee’s home.

“Although this information was encrypted, the password necessary to unscramble the information was written on a piece of paper near the hard drive and cannot be located”, the health system admitted.

The information included patients' first and last names, birth dates, medical record numbers, addresses, and other medical information, but not social security numbers or financial information.

UCLA Health System said it was reviewing its policies and procedures and would make any necessary revisions to help reduce the likelihood of such an incident occurring again.

Apparently that pledge did not satisfy the potential victims who filed a class-action lawsuit this week in Los Angeles County Court against the regents of the University of California. The suit claims that UCLA Health System violated the California Confidentiality of Medical Information Act, which prohibits health care providers from disclosing patient data without consent.

Attorneys are seeking damages of $1,000 per member of the class-action suit, as well as legal fees and certain other costs.

What’s Hot on Infosecurity Magazine?