U.S. Chamber of Commerce sides with CareFirst BlueCross BlueShield in data breach lawsuit

gavel and books
The U.S. Chamber of Commerce says class-action case against CareFirst should be dismissed if plaintiffs can't cite harm.

A national business lobbying group has urged a District of Columbia appeals court to dismiss a class action lawsuit against CareFirst BlueCross BlueShield following a 2015 data breach that compromised 1.1 million patient records.

In August, a district court judge dismissed the claims against the insurer, ruling that the plaintiffs had not suffered any actual injury or harm. In January, the plaintiffs filed an appeal, arguing that the ruling “places no value on a citizen’s right to maintain the privacy of her digital data and held that the privacy of one’s digital profile is of no value.”

RELATED: Healthcare gets a 'D' on cybersecurity report card

In an amicus brief filed this week, the the U.S. Chamber of Commerce argued that if plaintiffs are permitted to pursue legal action in which a data breach has not caused injury, businesses will be "mired in lawsuits over breaches that have not caused any actual or imminent harm to the plaintiffs” and could lead to “massive settlements.”

The Chamber of Commerce repeatedly referenced Spokeo, Inc. v. Robins, in which the Supreme Court overturned a circuit court decision because the plaintiff failed to allege any “actual or imminent harm.” The government agency also pointed to the “already potentially staggering costs of data breaches, along with the enormous reputation damage they can cause” to support its argument that “the mere occurrence of a data breach” should not warrant a class-action lawsuit.

The issue of data breach harm has also emerged in another case against Horizon Blue Cross Blue Shield, following a 2013 breach that exposed more than 800,000 patient records.

Last month, an appeals court revived the lawsuit by vacating a 2015 dismissal. The judges for the United States Court of Appeals for the Third Circuit said that under the Fair Credit Reporting Act, plaintiffs should not have to wait for a tangible injury to occur before filing a claim.  

RELATED: Cybersecurity an executive-level priority for insurers

Following a steady increase of healthcare data breaches, insurers are escalating cybersecurity response plans to the C-suite, and in some cases, the governing board.

Suggested Articles

The House must choose between several competing versions of legislation to tackle surprise medical bills. Here is how they stack up.

A Georgia doctor has been sentenced to 20 years in prison for operating a “pill mill” that dispensed a slew of controlled substances.

A new HHS study found that sepsis hospitalizations cost Medicare $41.8B in 2018 alone. Here's why the experts think that figure's likely to grow.