Community Health Systems Enters Into Five-Million-Dollar, Multi-State Settlement Agreement in Connection with 2014 Data Breach
Friday, October 16, 2020
Multi-State Healthcare Data Breach Settlement
Print Mail Download i

On October 8, 2020, Community Health Systems, Inc. (Community Health) and its subsidiary CHSPSC, LLC entered into a settlement agreement with 28 states for $5 million to resolve claims related to a 2014 data breach. Community Health owns over 200 hospitals across the United States and is one of the largest hospital networks in the country. The multi-state settlement follows a separate $2.3 million settlement that Community Health reached with the U.S. Department of Health and Human Services Office for Civil Rights (HHS-OCR) in connection with the same data breach.

In August 2014, Community Health disclosed that cyber attackers had gained access to its networks earlier that year and had obtained personal information for approximately 4.5 million patients. Subsequent investigation revealed the total number of affected patients to be more than six million. The attackers gained access to, among other things, patients’ names, addresses, birth dates and social security numbers.

Twenty-eight states were involved in the settlement, including, among others, Illinois, New Jersey and Massachusetts. The amount each state will receive as part of the settlement varies based on the number of residents affected by the data breach. In addition, as part of the settlement, Community Health must undertake additional measures to ensure the protection of sensitive patient information, including, among other things, drafting a written incident response plan, providing additional security and privacy training for employees, and taking steps to limit individual employees’ access to data in the company’s systems.

The settlement with Community Health is the latest financially-significant, multi-state settlement in connection with a large data breach. Since just the beginning of September 2020, publicly-announced, multi-state data breach settlements have resulted in fines and penalties of approximately $45 million. These large – and public – penalties are a reminder of the emphasis being placed on data privacy and data breach enforcement by both the federal government and individual state attorneys general and regulators. With the passage or impending passage of new and onerous data privacy and data breach statutes by individual states, companies should expect that this aggressive and punitive enforcement mindset will continue for the foreseeable future.

© 2024 Faegre Drinker Biddle & Reath LLP. All Rights Reserved.

Current Legal Analysis

More from Faegre Drinker

SCOTUS Denies Certiorari in Cases Concerning FCA Liability Requirement, Objective Falsity Circuit Split Remains Intact
by: Commercial Litigation Practice Group
Groundbreaking Fourth Circuit Decision Upholds Private Plaintiff’s Successful Effort to Unwind a Consummated Merger
by: Kathy L. Osborn , Emily E. Chow
Travel Bans and Quarantine Hotels: Traveling to the U.K. During COVID-19
by: Hodon Anastasi
TCPA Plaintiff Argues he wasn’t Injured in Attempt to Dodge Federal Jurisdiction
by: Marsha J. Indych , Renée M. Dudek
Silver Lining: COVID-19 Engagements Allow More Time for Premarital Financial Planning
by: Jaime A. Quick
Biden EPA Makes First Moves to Address PFAS in Drinking Water
by: Bonnie Allyn Barnett , Brandon W. Kirkham
Predicting the Enforcement Priorities of the Biden DOJ
by: Thomas J. Kelly , Daniel E. Pulliam
New York City Council Imposes Stricter Discipline Requirements on Fast Food Employers
by: Gerald T. Hathaway
Disclosure of Binding Arbitration Not Required In Consumer Warranties, Says Florida Supreme Court
by: Traci T. McKee , Lexi C. Fuson
FCC Order Causes Confusion Regarding Consent Required for Informational Calls to Residential Landlines
by: Matthew M. Morrissey

Upcoming Legal Education Events

 

NLR Logo

We collaborate with the world's leading lawyers to deliver news tailored for you. Sign Up to receive our free e-Newsbulletins

 

Sign Up for e-NewsBulletins