The operators of Pavia Hospital Santurce and Pavia Hospital Hato Rey are facing a lawsuit over a data breach that the plaintiffs claim was caused by the companies’ negligence in securing patient information.
The operators of Pavia Hospital Santurce and Pavia Hospital Hato Rey have been named in a proposed class action lawsuit filed over a data breach that the plaintiffs claim was caused by the companies’ negligence in securing patient information. The case alleges that the Guaynabo, Puerto Rico hospitals’ inadequate security systems and slow response to the breach have exposed thousands of patients to an increased risk of identity theft and fraud.
According to the 27-page complaint, defendants Metro Santurce, Inc. and Metro Hato Rey, Inc. discovered a breach of the hospitals’ computer systems on February 12, 2019. During the incident, hackers gained access to the systems—where patients’ names, addresses, dates of birth, gender, financial information, and Social Security numbers were stored—and demanded money in return for their release, the case says.
The hospitals allegedly made “repeated promises and representations” to patients that their private information would be protected and would not be disclosed to third parties. The lawsuit claims that although the defendants were “fully aware” of the risks of security breaches and their duty to maintain “reasonable and appropriate” data security—including by complying with the Health Insurance Portability and Accountability Act (HIPAA)—they failed to do so.
The case adds that the defendants waited more than four months after learning of the breach to notify patients that their private health data and personal information had been compromised. The hospital operators’ failure to prevent the breach, coupled with their lethargic response, has subjected patients to “compensable damages,” the suit says, including the cost of monitoring their credit and bank accounts to “mitigate future loss.”
The suit seeks to cover anyone in the U.S. whose personal information was compromised in the Pavia Hospital Santurce and Pavia Hospital Hato Rey data breach that occurred in February 2019, with a separate proposed class for those living in Puerto Rico.