21st Century Oncology breach prompts bevy of class-action lawsuits

Cancer center chain 21st Century Oncology faces at least seven class-action lawsuits related to a cyberattack that compromised the data of 2.2 million people, according to Healthcare Info Security.

The suits claim the company, which operates 181 cancer treatment centers, failed to adequately protect patient data.

They allege the company violated the Federal Trade Commission's Fair Credit Reporting Act (FCRA) and the Florida Deceptive and Unfair Trade Practices Act, in addition to claims of breach of contract, unjust enrichment, negligence and invasion of privacy.

The lawsuits, which seek unspecified damages, likely will be consolidated. Cases based on claims of FCRA violations have faced an uphill battle.

A pair of lawsuits brought against Advocate Health and Hospitals Corp. based on FCRA claims were dismissed last May and July, with both decisions upheld by an appellate court last August.

One of the lawsuits against 21st Century includes a claim of unjust enrichment, one of the newer tactics in class-action suits based on the idea that an expectation of privacy was part of the patient's purchase decision. Health insurer AvMed in 2013 settled such a case with some class members by refunding portions of their paid premiums.

Privacy attorney Kirk Nahra of the law firm Wiley Rein tells Healthcare Info Security that he doesn't see that tactic being successful.

"This allegation that 'some unknown percentage of my payment to you was for data security and I deserve it back' is creative, but has not been successful and is not actually a subject of any kind of negotiation in any meaningful commercial sense," he says.

To learn more:
- read the article