As more and more businesses require customers to submit sensitive personally identifiable information (PII) to provide goods or services – such as Social Security numbers, and birth dates – people are forced to trust that these companies will safely store their data. Unfortunately, that is not always the case.
There were 2,216 confirmed data breaches worldwide in 2017 alone. Data breaches affect companies of all sizes, with 58 percent of targets categorized as small businesses across a range of industries, including health care, education, and financial services.
While data breaches that dominate the news tend to involve the massive corporations and tens of millions of victims, a smaller data breach of a local business that affects people in a limited geographic area is more likely to come across the desk of most attorneys. Three types of data breaches frequently occur in local communities: phishing emails to office staff, employees improperly accessing medical records, or hackers deploying ransomware. Although these data breaches may be “small” in scale, the impact on victims and local communities can be devastating.
Big data breaches grab headlines, but smaller-scale, localized ones occur frequently and have the same impact on consumers. Learn about the features of these breaches and how to handle them in the below article published by the American Association for Justice and written by Faraci Lange partner Hadley Matarazzo and Cohen & Malad attorney Lynn A. Toops.
On Thursday, consumers in New York federal court argued that the Blue Cross Blue Shield Association cannot escape the class action claims it faces over a health insurance data breach and must be held responsible for failing to protect sensitive information.
The BCBSA proposed a bid to shake the data breach claims against Excellus BlueCross BlueShield, which is one of its licensees. Customers fiercely criticized this bid, contending that Excellus had signed a contract promising health care to federal workers and it would ensure the protection of consumer information.
The proposed class action lawsuits, which began after hackers gained access to about 10 million consumer records, allege that the company “failed to protect customer information, waited too long to tell customers about the breach and did not give customers adequate information about how to protect themselves in the wake of the breach.”
BCBSA moved to toss the data breach claims against it last month, arguing that it merely entered into the contract on behalf of independent insurance companies that it licenses the Blue Cross and Blue Shield marks to.
Faraci Lange partner Hadley L. Matarazzo, who represents the customers, told Law360 that “BCBSA, as sponsors and administers of a health plan for federal employees, made certain promises regarding data security that they failed to live up to.”
Read the full article here.