This morning we woke up to yet another major security breach — a US hospital group said it was the victim of a cyber-attack resulting in the theft of 4.5 million people’s personal data. According to the Community Health Systems, the attack and breach happened in April and June of this year. Reportedly, the data included patient names, addresses, birth dates, telephone numbers and social security numbers. This time, the breach affected a hospital group which runs 206 hospitals in 29 states.
Putting aside the issue of the ongoing FBI investigation and that the data could (and most likely will) be used to steal people’s identity, this breach brings to the forefront, yet again, the issue of cyber liability of the company that managed the accounts.
We have been advising our clients regarding cyber liability risks for quite a number of years. Protection from cyber liability is especially critical for those companies that, in the course of their operations, whether over the internet or otherwise, collect data about their patients, clients or customers that includes personally identifiable data. However, any company that accepts credit cards or other electronic payments online is exposed. At the end of the day no customer is interested in hearing that the company used some unknown payment processing center, so the company selling goods or services will be at the forefront of the liability exposure.read more