Here are four data breach lawsuits involving health systems as reported by Becker's since Sept. 26.
- Mon Health (Morgantown, W.Va.) is being sued over a December 2021 data breach that had compromised the health and personal data of at least 492,861 people. The lawsuit alleges that the health system failed to protect patient data and failed to notify patients of the breach in a timely manner.
- Advocate Aurora Health (dually headquartered in Downers Grove, Ill., and Milwaukee), alongside Facebook parent company Meta, is facing a lawsuit over their use of "pixel" technology that may have ensnared protected health information. The health system installed the pixel tracker to monitor patient behavior, but the tracker may have sent more than 3 million patients' information to the social media company. The suit alleges that because of this, Meta and Advocate violated privacy laws.
- WakeMed (Raleigh, N.C.) is facing a patient-led lawsuit for installing a pixel tracking tool from Facebook on its website and patient portal that allegedly led to patient data being sent to the social media company. The lawsuit alleged that for at least four years, WakeMed had the tracking tool, Meta Pixel, installed on its website and patient portal, which allowed it to capture and transmit certain information entered by patients. Patient information such as names, contact details, computer IP addresses, emergency contact information, check-in information, Social Security numbers and financial information were allegedly collected by the tool without the consent of patients.
- OakBend Medical Center (Richmond, Texas) is facing a class action lawsuit over a September ransomware attack and data breach that exposed the personal information of more than 1 million patients. The plaintiffs allege that the hospital failed to take adequate measures to protect the personal information of patients, as well as failed to adequately notify patients of the breach and provide details about what information was exposed.