As more and more businesses require customers to submit sensitive personally identifiable information (PII) to provide goods or services – such as Social Security numbers, and birth dates – people are forced to trust that these companies will safely store their data. Unfortunately, that is not always the case.
There were 2,216 confirmed data breaches worldwide in 2017 alone. Data breaches affect companies of all sizes, with 58 percent of targets categorized as small businesses across a range of industries, including health care, education, and financial services.
While data breaches that dominate the news tend to involve the massive corporations and tens of millions of victims, a smaller data breach of a local business that affects people in a limited geographic area is more likely to come across the desk of most attorneys. Three types of data breaches frequently occur in local communities: phishing emails to office staff, employees improperly accessing medical records, or hackers deploying ransomware. Although these data breaches may be “small” in scale, the impact on victims and local communities can be devastating.
Big data breaches grab headlines, but smaller-scale, localized ones occur frequently and have the same impact on consumers. Learn about the features of these breaches and how to handle them in the below article published by the American Association for Justice and written by Faraci Lange partner Hadley Matarazzo and Cohen & Malad attorney Lynn A. Toops.
Practicing law is Kathryn Lee Bruns’ profession, yet counsel work offers perspectives which add meaning to her personal interests.
“I have a new appreciation for the things that so many take for granted,” said Bruns, of Faraci Lange.
Physical activity brings her peace and healing: hikes with her husband, playtime with her daughter, yoga practice and meditation. The board of directors member and secretary for Braddock Bay Bird Observatory — an ornithological research, education and conservation nonprofit — also finds solace in nature. “Spring and fall migration seasons are particularly exciting for me,” she said.
Prior trial and appellate court clerkship positions and civil defense litigation enhance her knowledge of federal and New York state practice and procedure, which she draws from when working on cases reviewed in the Western District.
“I learned so much during those years and had some terrific mentors along the way,” she said, adding, “In 2007, I came to Faraci Lange and found my passion.
“My practice consists of both consumer protection class action work and all categories of personal injury litigation. In both areas … I work with clients and their families after unexpected tragedies occurred or they’ve been wronged by predatory consumer practices.”
Bruns represents the interests of 10 million health plan subscribers whose personal and health information were compromised in data breaches within the Excellus BlueCross BlueShield and other Lifetime Healthcare Inc. affiliate networks. In 2015, Excellus alone served roughly 1.6 million Upstate New Yorkers and reported that cyberattacks resulted in unauthorized access to data tied to 7 million individuals.
“The stress of the work I do requires that I be re-centered regularly,” Bruns said. “My (toddler) is the joy of my life. She has taught me the most about being present in the moment: It’s where she lives! Without (my) interests and without the love and support of my husband, I could not do the work I do and stay positive.”
While all families face tragedy, Bruns said, her clients face tragedies brought on by others.
“The law is designed to help (but) often involves a complex landscape requiring specialized knowledge and experience,” she said. “I have found it immensely rewarding to help people adjust to their ‘new normal’ (after having been invited) into their lives and homes, in a very personal and intimate way.”
Attorney/client relationships built on trust and communication provide a platform for explaining how the law offers protection and can help remedy their own situations.
“(Debilitating) injuries affect daily living and life’s enjoyment,” she said. “I am fortunate to be able to seek justice for these families and help them meet their needs through financial accountability.”
Each story is underscored by pain of its own and has the potential to be heartbreaking.
“When my telephone rings, the person on the other end almost always has just suffered a terrible experience,” said Bruns, citing cases involving financial fraud, identify theft, physical injury and death.
“Sometimes, it’s hard not to take the tragedy home (or) allow the unfairness and injustices caused by others to affect my own outlook on life. Still, the balance tips the other way, when I’m able to make a real difference for our clients,” she said. “(I) am constantly humbled by the resiliency of the human spirit.”
In her downtime, Bruns volunteers with Camp DayDreams—an affiliate of the Boys & Girls Clubs of Rochester. The nonprofit aims to develop, challenge and empower urban youth to serve themselves, their families and the community through its Camp & Grow program.
“I have been involved with Camp DayDreams for more than 10 years now,” she explained. “I met John McIntrye (its founder) through mutual friends. His passion for youth and for the underserved in our community was inspiring to me.”
Her involvement has included planning and organizing CDD’s annual spring fundraiser. She and her husband, she said, are continually inspired by those who support the camp’s mission.
The University of Minnesota alumna received her J.D. cum laude from SUNY at Buffalo School of Law and is a member of the American Association for Justice, New York State Bar Association, New York State Trial Lawyers Association, Monroe County Bar Association and Greater Rochester Association for Women Attorneys.
Click here to read the full article published by The Daily Record.
U.S. District Court Judge Elizabeth A. Wolford, who is presiding over the Excellus data breach class action, reinstated certain plaintiffs’ claims in a decision released on Friday that reconsidered and reversed her previous ruling dismissing those claims.
In a decision last February, Judge Wolford ruled that four of the twenty named plaintiffs in the class action could not proceed with their claims as they had not alleged any misuse of their personally identifiable information due to the breach. According to this ruling, the plaintiffs’ risk of future harm was not “certainly impending” and so they had failed to allege an injury sufficient to establish Article III standing.
Following the February decision, the plaintiffs filed a motion for reconsideration in March, arguing the Court had relied on undeveloped details regarding the breach that should not have been considered at this stage.
The Second Circuit’s May decision in the Whalen v. Michaels Stores Inc. case also helped strengthen the plaintiffs’ motion for reconsideration.
The Whalen decision indicated in dicta that the theft of personally identifying information, such as Social Security numbers or birthdates, in a data breach would be enough for standing based on a threat of future harm.
“Until the Supreme Court or the Second Circuit definitively weighs in, in this circuit at least, harm based on the theft of personally identifying information, such as a Social Security number or date of birth, as alleged [by the Excellus plaintiffs], is sufficient to establish standing,” stated Judge Wolford in her decision.
The plaintiffs’ motion for reconsideration also revealed new evidence which established that three of the dismissed plaintiffs’ data had been extracted from Excellus and was for sale on the dark web. This reinforced their claims that their personally identifying information had been compromised and that hackers had harmful intentions.
Judge Wolford explained, “Had the court had the benefit of all this additional information when it rendered its decision and order, it would have reached a different conclusion — and it does so now.”
“The plaintiffs are pleased by the Court’s ruling and are thankful that the claims of the representative plaintiffs whose personally identifiable and health information has been stolen, but not yet misused, are reinstated and will move forward on behalf of this class of individuals,” said Hadley in a statement to the Democrat & Chronicle.
Please visit our Excellus Data Breach page to learn more or contact us at (585) 325-5150 for a free legal consultation if you think you may be eligible for a consumer protection claim.
Last week, the consumer credit reporting agency, Equifax, announced that a data breach had compromised the Social Security numbers, dates of birth, names and addresses of up to 143 million Americans.
This massive data breach has put millions of Americans at risk for identity theft and other potentially harmful cyber crimes.
In an editorial published in the New York Times, Zeynep Tufekci stresses the underlying political reason why cybersecurity has become so weak in recent times.
“Big corporations have poured large amounts of money into our political system, helping to create a regulatory environment in which consumers shoulder more and more of the risk, and companies less and less,” Tufekci wrote.
Although no software system can be free from bugs, most data breaches aren’t inevitable and are a result of neglect and under-investment in cybersecurity.
In addition to the news of Equifax’s data breach, it was revealed that three of the company’s executives sold $2 million worth of stock soon after the breach’s discovery in July.
A company spokesperson stated that the executives had no knowledge of the breach at the time they sold “a small percentage of their Equifax shares”.
As long as this unaccountability exists for corporations and their executives, data breaches will continue to occur and consumers will continue to be put at risk.
Read the full article here.
If you believe you are eligible for a consumer protection claim, please call or text us at (888) 325-5150 or fill out a contact form for a free legal consultation.
Faraci Lange Partner, Hadley Matarazzo, will be speaking at the Practising Law Institute’s 22nd Annual Consumer Financial Services Institute being held in March.
The conference is scheduled for March 27th – March 28th at the PLI’s New York Conference Center.
Hadley will be speaking about data security and privacy issues. Her topics will include:
- Recent case developments and trends, including standing and damages theories
- Legislative and regulatory update
- Compliance issues, including Office of Civil Rights fines
- Settlement structures and strategies
Click here to learn more and register.
Hadley has handled various consumer protection cases and was appointed Co-Lead counsel in the Excellus Data Breach class action litigation.
If you believe you may be eligible for a consumer protection claim, contact Hadley Matarazzo at (585) 325-5150 or click here to email her for a free legal consultation
The top ten data breaches within the healthcare industry in 2016 were caused primarily by cybersecurity attacks such as ransomware and unauthorized access.
In 2016, approximately 300 data breach incidents were reported to the Office for Civil Rights, among which 95 were caused by an IT-related or hacking occurrence and 125 stemmed from unauthorized access or disclosure. Theft of devices or records caused 58 of the reported breaches, while 16 were accredited to loss and seven to improper disposal.
HealthITSecurity‘s published their annual countdown of 2016’s top ten data breaches in the healthcare industry:
10. Premier Healthcare, LLC
9. Central Ohio Urology Group, Inc.
8. California Correctional Health Care Services
7. Radiology Regional Center, PA
6. Peachtree Orthopaedic Clinic
5. Bon Secours Health System Incorporated
4. Valley Anesthesiology and Pain Consultants
3. 21st Century Oncology
2. Newkirk Products, Inc.
1. Banner Health
One of the largest healthcare data breaches of 2015 was the Excellus data breach, which compromised the personal health information of over 10 million people.
An Excellus class action lawsuit, which was co-lead by Faraci Lange’s Hadley Matarazzo, alleged that the company failed to protect customer information, waited too long to tell customers about the breach and did not give customers adequate information about how to protect themselves in the wake of the breach.
Learn more about the Excellus data breach lawsuit here.
If you believe you are eligible for a consumer protection claim, please call or text us at (888) 325-5150 or fill out a contact form for a free legal consultation.
Senator Sherrod Brown announced last week his plan to introduce a bill that would ban Wells Fargo from using forced arbitration clauses in contracts, which had been preventing their customers from suing the bank over unauthorized accounts opened by employees.
This follows a recent scandal in which Wells Fargo bank employees opened as many as two million accounts in the names of their customers without consent in order to meet aggressive sales quotas.
Presidential nominee, Hillary Clinton, criticized Wells Fargo and other companies in a speech for using fine print in customer contracts to force disputes to be handled in private arbitration rather than allowing clients to go to court.
Similar forced arbitration clauses were also banned in nursing home facilities.
Senator Brown’s bill would invalidate forced arbitration clauses in the contracts of consumers who had unauthorized accounts open in their names.
“Giving customers back their right to take Wells Fargo to court gives them the power to ensure they are made whole and helps prevent cases like this in the future,” Senator Brown stated in a press release.
Read the full story here.
Please contact Hadley Matarazzo at (585) 325-5150 or contact us for a free legal consultation if you think you are eligible for a consumer protection claim.
A class-action complaint regarding the Banner Health data breach was filed this week by Faraci Lange attorneys Hadley L. Matarazzo and Kathryn Lee Bruns, along with local counsel Paul L. Stoller and Lincoln Combs of Gallagher & Kennedy.
Filed on August 23rd, 2016, the class action complaint brought against Banner Health and Banner-University Medical Group claims the organization’s “failure to adequately protect the confidential, private personal and health information of patients, members, customers, and healthcare providers.”
Due to the cited negligence, the plaintiffs and other class action members have suffered great harm as well as the impending risk of future harm. The information exposed in this data breach allows anyone with access the ability to steal someone’s identity.
If you received a notice from Banner Health informing you that you and/or your family may be victims of this cyber attack, please contact Hadley Matarazzo at (585) 325-5150 or contact us for a free legal consultation.
On Thursday, consumers in New York federal court argued that the Blue Cross Blue Shield Association cannot escape the class action claims it faces over a health insurance data breach and must be held responsible for failing to protect sensitive information.
The BCBSA proposed a bid to shake the data breach claims against Excellus BlueCross BlueShield, which is one of its licensees. Customers fiercely criticized this bid, contending that Excellus had signed a contract promising health care to federal workers and it would ensure the protection of consumer information.
The proposed class action lawsuits, which began after hackers gained access to about 10 million consumer records, allege that the company “failed to protect customer information, waited too long to tell customers about the breach and did not give customers adequate information about how to protect themselves in the wake of the breach.”
BCBSA moved to toss the data breach claims against it last month, arguing that it merely entered into the contract on behalf of independent insurance companies that it licenses the Blue Cross and Blue Shield marks to.
Faraci Lange partner Hadley L. Matarazzo, who represents the customers, told Law360 that “BCBSA, as sponsors and administers of a health plan for federal employees, made certain promises regarding data security that they failed to live up to.”
Read the full article here.
Please visit our Excellus Data Breach page to learn more or contact Hadley Matarazzo at (585) 325-5150 for a free legal consultation if you think you may be eligible for a consumer protection claim.
Faraci Lange attorneys, Stephen G. Schwarz and Kathryn Lee Bruns, represent plaintiffs in a medical records class action lawsuit against a group of hospitals and their records administrator for charging patients excessive fees for copies of their medical records.
In Carter et al. v. HealthPort Technologies, Inc., et al., the U.S. Court of Appeals for the Second Circuit revived the class action lawsuit on Tuesday after it had initially been dismissed by the lower court last year on grounds that the plaintiffs’ attorneys were the ones to pay for the medical record copies, not the clients themselves.
The complaint was filed in May 2014 by Marissa Carter, along with several other former patients, against Rochester General Hospital, Unity Hospital of Rochester, F.F. Thompson Hospital, and their records agent HealthPort Technologies, LLC.
Plaintiffs claimed that the hospitals and HealthPort overcharged clients for copies of their medical records in violation of New York’s Public Health Law, which authorizes health care providers or their agents to impose a reasonable charge for such copies “not exceeding the costs incurred by such provider.”
HealthPort charged the plaintiffs $0.75 per page, as well as a $2 fee for electronic delivery. Plaintiffs allege that defendants levied these charges without regard to the actual cost of production, which was substantially less. Plaintiffs further allege that the charges grossly exceeded what the actual cost was and included built-in kickbacks to the hospitals from HealthPort.
United States District Court Judge Frank P. Geraci, Jr., dismissed the suit for lack of subject matter jurisdiction on standing grounds, reasoning that plaintiffs themselves failed to allege that they were injured by these practices. However, the Second Circuit reversed the decision in the plaintiffs’ favor, ruling that the plaintiff patients sufficiently alleged that they “ultimately bore the expense” of their records.
“The fact that the payments were to be promptly made by the attorneys does not contradict the allegation that plaintiffs themselves were or would be the ultimate payors,” Circuit Judge Amalya L. Kearse wrote in the unanimous opinion.
“If such a fee was unlawfully inflated, as plaintiffs here claim, it is sufficiently alleged that it is the client who was injured. We conclude that the complaint did not fail to show that plaintiffs themselves suffered injury-in-fact.”
Schwarz and Bruns, along with co-counsel Kai Richter of Nichols Kaster, are pleased with the Second Circuit’s decision and look forward to litigating the case on the merits on behalf of the plaintiffs and the other putative class members.