Patients sue UCLA over encrypted data breach

UCLA Health System faces a class-action lawsuit regarding a data breach that involved the electronic health records of 16,288 patients.

Even though the hard drive, which was stolen during a home invasion of a former employee, was encrypted, a piece of paper with the password needed to access patient data was lost as well, as FierceHealthcare previously noted.

The law firm Kabateck Brown Kellner, which is representing the affected patients, claims the California health system failed to keep patients' personal information confidential as required by state law.

The suit seeks $1,000 for each member of the class plus attorneys' fees, which could total as much as $16 million, notes iHealthBeat.

A few months before the September theft occurred, UCLA Heath System agreed to pay a fine of $865,000 and to develop a correction action plan to settle potential HIPAA privacy violations involving improper disclosures of medical records at its three hospitals.

For more information:
- read the iHealthBeat article
- here's the FierceHealthcare article on the breach