Are Data Breach Class Action Lawsuits Protecting Patients?Attorney Jeff Westerman on Litigation Trends, Impact on Growing Healthcare Breaches
The prospect of class action lawsuits being filed in the aftermath of a major data breach often has more impact on breached healthcare organizations than the potential for fines and enforcement actions by government regulators, says attorney Jeff Westerman of Westerman Law Corp.
With all the legal expenses and time involved with organizations defending themselves in data breach class action lawsuits, "I don't know that a civil enforcement action would be much more impactful than the private civil litigation that gets filed," Westerman says in a video interview with Information Security Media Group.
While "the regulators or the government can all bring all kinds of resources to bear," very few enforcement cases are pursued, says Westerman, who represented plaintiffs in a class action lawsuit against UCLA Health in 2015 after a cyberattack affected the sensitive health information of 4.5 million individuals.
That consolidated class action lawsuit was settled in 2019. As part of the settlement, UCLA Health agreed to spend up to $5.5 million on improving its data security (see: Analyzing the $7.5 Million UCLA Health Data Breach Settlement).
All in all, when an organization has a major data breach, much is at stake, including reputational damage. "I would think that where you have your customer base or client base, your medical patient base, you would want to convey that you care about their data and that you're taking care of their data," Westerman says.
In this video interview with Information Security Media Group, he also discusses:
- Details of the settlement reached in the UCLA breach;
- The influence that cyber insurers wield;
- Data breach litigation trends.
Westerman’s experience spans over 40 years in law practice. For the past 30 years he has worked almost exclusively as a plaintiff lawyer on complex securities, consumer, antitrust and data breach class actions. Westerman has also served as president or chair of several different legal organizations in Los Angeles.
Over 5,000 health data breaches since 2009 have affected the personal information of 370 million people. Ransomware gangs and hackers are targeting healthcare providers, insurance firms and partners at an alarming rate. Targeting Healthcare explores these trends and how the industry can respond.