in Newswire February 12, 2020

Puerto Rico Hospital Operators Hit with Class Action Over February 2019 Data Breach

by Erin Shaak

Last Updated on February 12, 2020

View Comments

Quintero et al. v. Metro Santurce, Inc. et al.

Filed: February 11, 2020 § 3:20-cv-01075

Read Complaint

The operators of Pavia Hospital Santurce and Pavia Hospital Hato Rey are facing a lawsuit over a data breach that the plaintiffs claim was caused by the companies’ negligence in securing patient information.

Defendant(s)

Metro Santurce, Inc. Metro Hato Rey, Inc. Pavia Hospital Santurce Pavia Hospital Hato Rey

Law(s)

Health Insurance Portability and Accountability Act

State(s)

Puerto Rico

The operators of Pavia Hospital Santurce and Pavia Hospital Hato Rey have been named in a proposed class action lawsuit filed over a data breach that the plaintiffs claim was caused by the companies’ negligence in securing patient information. The case alleges that the Guaynabo, Puerto Rico hospitals’ inadequate security systems and slow response to the breach have exposed thousands of patients to an increased risk of identity theft and fraud.

According to the 27-page complaint, defendants Metro Santurce, Inc. and Metro Hato Rey, Inc. discovered a breach of the hospitals’ computer systems on February 12, 2019. During the incident, hackers gained access to the systems—where patients’ names, addresses, dates of birth, gender, financial information, and Social Security numbers were stored—and demanded money in return for their release, the case says.

The hospitals allegedly made “repeated promises and representations” to patients that their private information would be protected and would not be disclosed to third parties. The lawsuit claims that although the defendants were “fully aware” of the risks of security breaches and their duty to maintain “reasonable and appropriate” data security—including by complying with the Health Insurance Portability and Accountability Act (HIPAA)—they failed to do so.

The case adds that the defendants waited more than four months after learning of the breach to notify patients that their private health data and personal information had been compromised. The hospital operators’ failure to prevent the breach, coupled with their lethargic response, has subjected patients to “compensable damages,” the suit says, including the cost of monitoring their credit and bank accounts to “mitigate future loss.”

The suit seeks to cover anyone in the U.S. whose personal information was compromised in the Pavia Hospital Santurce and Pavia Hospital Hato Rey data breach that occurred in February 2019, with a separate proposed class for those living in Puerto Rico.

This browser does not support PDFs. Please download the PDF to view it: Download PDF.
Open Document
Last Updated on February 12, 2020 — 4:02 PM

Erin Shaak

erin@classaction.org

Erin works primarily on ClassAction.org’s newswire, reporting on cases as they happen.

About ClassAction.org

ClassAction.org is a group of online professionals (designers, developers and writers) with years of experience in the legal industry.

Learn More

Before commenting, please review our comment policy.