UCLA Health System Class Action Develops After Data Breach

The UCLA Health System class action was filed against the University of California, Los Angeles, after a data breach put the private information of 4.5 million patients in jeopardy. The lawsuit, filed in the Los Angeles County Superior Court, states the UCLA Health System failed to protect the information. In addition, the hospital waited too long, allegedly 10

ByJared Firestone, J.D.

|

Updated on

Data Breach Expert Witness

The UCLA Health System class action was filed against the University of California, Los Angeles, after a data breach put the private information of 4.5 million patients in jeopardy. The lawsuit, filed in the Los Angeles County Superior Court, states the UCLA Health System failed to protect the information. In addition, the hospital waited too long, allegedly 10 months, to disclose the breach following its discovery.

Still, UCLA has not stated whether any information was actually accessed, but admits that the possibility exists. The breach possibly exposed information such as social security numbers, health plan identifications, and other personal medical information of the millions of patients in the UCLA system.

The UCLA Health System class action complaint further states that UCLA was negligent in not defending its data systems. Especially in light of an increase of data breaches in general. Such as the infamous Home Depot breach of 2014. According to the complaint, UCLA violated the Health Insurance Portability and Accountability Act (HIPAA). As they didn’t protecting this data by performing simple safeguards, such as data encryption. Other violations the complaint lists includes the Confidentiality of Medical Information Act, unfair competition, invasion of privacy, and negligence.

In an effort to mitigate damages and protect its patients, UCLA has offered any patients whose data may have been compromised 12 months of identity theft recovery services. As well as twelve months of credit monitoring services for those with Social Security or MediCare information. All of these services will be provided for free by the university.

A computer forensics expert and public health expert would be useful in this case. A computer forensics expert would be able to provide information regarding when the breach likely occurred. Thus discovering how long UCLA waited to reveal the information. They can also provide information on how likely a breach was to occur given the set-up of UCLA’s data system. Including whether they did enough to protect the data. A public health expert would be able to explain whether or not UCLA violated certain medical and health insurance policies and laws.

About the author

Jared Firestone

Jared Firestone, J.D.

Jared Firestone, J.D., is a multi-disciplinary attorney with expertise in a range of legal areas. He founded and operated Firestone Law Firm PA in Hollywood, Florida, and worked as an Associate Attorney at Gustman Law P.C. in New York. His practice areas include Personal Injury, Criminal Defense, Medical Malpractice, Trusts & Wills, Civil and Commercial Litigation, Family Law, Real Estate, and Immigration. Additionally, he has experience in real estate, focusing on residential property in the Miami/Fort Lauderdale areas. Firestone also served as a pro bono Mediator at the Benjamin N. Cardozo School of Law Divorce Mediation Clinic. He holds a J.D. from Cardozo School of Law, where he honed skills in E-Discovery, Divorce Mediation, and Legal Writing, and a Bachelor’s degree in Philosophy from Tulane University.

background image

Subscribe to our newsletter

Join our newsletter to stay up to date on legal news, insights and product updates from Expert Institute.