Orlando-based Florida Hospital may be facing two class-action lawsuits for separate data breaches that have occurred over the past four years, according to an Orlando Sentinel report.
The hospital has submitted motions to have both the lawsuits dismissed, according to the report.
The first lawsuit is related to a 2011 breach in which two employees accessed thousands of patient records and sold data to lawyers and chiropractors to solicit referrals. The employees were fired and criminally charged. The second breach was discovered in May 2014. Two employees had been printing parts of medical records of approximately 9,000 patients for more than two years. They too were fired.
The hospital argues that since no patients have suffered identity theft yet, their cases aren't complete, according to the report.
The report indicates the two lawsuits allege the plaintiffs "expected and paid for" data security while at the hospital, but Florida Hospital attorneys argue that no fiduciary duty between a hospital and patient has been recognized by a Florida court and that plaintiffs can't sue based on the risk of identity theft, according to the report.
The two lawsuits are pending in the Orange County Circuit Court, according to the report.
More articles on data breach:
Unencrypted laptop stolen from UCSF: 4 things to know
Conn. Gov. signs data breach security bill into law: 6 things to know
9 latest data breaches