Call Us Today! 877-659-2467 contactus@arismedicalsolutions.com

Tag: data privacy

Class Action Lawsuits VS Federal HIPAA Laws

Posted bySuze Shaffer

Under the Federal HIPAA law, there is no private right of action. Meaning, a patient cannot directly sue a medical provider for a HIPAA violation. However, most state privacy laws do permit class action lawsuits.
While a federal HIPAA violation itself doesn’t open the organization to class-action lawsuits by patients, a breach or non-compliance often triggers state law (consumer law) class actions, regulatory enforcement, and substantial financial risk and reputational damage.

For example, Florida law fills the “no private HIPAA lawsuit” gap
While HIPAA itself doesn’t permit a private right of action, Florida’s own privacy and consumer protection laws allow individuals to sue when their medical or personal information is mishandled. Common bases for class actions include:


Examples of HIPAA style class actions

Akumin Operating Corp. (Florida-based outpatient radiology/oncology provider)
 2023 breach; class action consolidated 2024-25. Ransomware attack, $1.5 million settlement.
 
Gastroenterology Associates of Central Florida, P.A. (d/b/a Center for Digestive Health / Center for Digestive Endoscopy)
 Discovered April 11, 2024; class action filed 2025. Network intrusion, settlement has been determined but not released.

HCA Healthcare, Inc. data breach (July 2023)
HCA Healthcare agreed to a multi-million-dollar settlement after a breach of data affecting some 11.27 million patients across 20 states. Settlement between $9-10M.
 
Tampa General Hospital (2023)
Subject to class-action claims after a data breach impacted over 1.2 million patients. Allegations included failure to use reasonable cybersecurity measures and delay in notification, invoking both FIPA and FDUTPA. Settlement $6.8M.
 
Lakeland Regional Health (2022)
Data breach leads to litigation under FIPA and negligence, settlement $4M.
 
UF Health Central Florida (2021)
Data breach leads to litigation under FIPA and negligence.
 
Anthem, Inc. breach (2015)
Anthem reported a breach affecting tens of millions of individuals; in 2017 they settled class‐action litigation for $115 million.
 
Visionworks of America, Inc., a retail/optical chain, faces a proposed class action after a data breach affecting 40,000 customers.
 
Imagine a breach of your patient portal where PHI is exposed, then a class-action law firm sues you for negligent safeguarding of data. All the while the OCR fines you for the breach. We help you avoid both scenarios.


At Aris Medical Solutions, our HIPAA Keeper™ system highlights that strong vendor management, business associate agreements (BAAs), cybersecurity controls, timely breach notification, record-access compliance (e.g., right of access) are critical to reduce the risk of class actions..

Don’t leave patient data exposed.
Schedule your HIPAA Risk Analysis and Access Control Review with Aris Medical Solutions today.


What You Should Do After National Watchdog Warns of Data Breach Affecting 184 Million Passwords

Posted bySuze Shaffer

A leading national consumer watchdog group has sounded the alarm on a massive data breach, warning that as many as 184 million passwords may have been compromised. If confirmed, this breach would be one of the largest in recent history, potentially exposing sensitive login credentials and personal data for millions of users. Whether your data was directly affected or not, now is the time to take swift and smart action.

What We Know About the Breach

While details are still emerging, the watchdog group has reported that the breach involves leaked password databases that may have been collected through previous hacks, phishing schemes, or compromised third-party services. The data has reportedly surfaced on dark web forums and hacking communities, increasing the risk of identity theft, credential stuffing attacks, and financial fraud.

What You Should Do Immediately

1. Change Your Passwords—Starting with the Most Sensitive Accounts

Focus first on accounts that hold financial or sensitive information:

  • Bank accounts
  • Email accounts
  • Healthcare portals
  • Social media accounts linked to other logins

Use a strong, unique password for each account. Avoid reusing passwords across multiple sites.

2. Enable Multi-Factor Authentication (MFA)

MFA adds a second layer of security by requiring you to enter a verification code from your phone or authentication app. This can stop attackers even if they have your password.

3. Use a Password Manager

A password manager can help generate and securely store unique, complex passwords for all your accounts. This helps eliminate the temptation to reuse passwords and improves overall security.

4. Check If Your Passwords Were Compromised

Use a reputable service like:

  • HaveIBeenPwned.com
  • Your password manager’s breach monitoring tool
    These tools can alert you if your email or credentials have been found in leaked data.

5. Monitor Your Accounts for Suspicious Activity

Regularly review your bank statements, credit card transactions, and email account access logs. If anything seems unusual, contact the relevant provider immediately.

6. Beware of Phishing Emails

After a major breach, phishing attempts tend to rise. Be cautious with emails that ask you to “verify your account,” click on suspicious links, or download unexpected attachments.

What Businesses Should Do

  • Implement mandatory password resets.
  • Audit your security protocols and consider third-party penetration testing.
  • Educate your employees on how to spot phishing and secure their accounts.

Final Thoughts

Cybersecurity experts have long warned that massive credential breaches are not a matter of if, but when. With the watchdog group raising this new alert, every consumer and organization should treat this as a wake-up call. The good news is that with the right precautions, you can minimize the damage and protect your digital life going forward.

Stay alert. Stay secure. And take action now—before someone else takes control of your data.

If you need assistance with HIPAA Compliance, check out our HIPAA Keeper™. Our online compliance system has everything you need to get compliant and stay compliant. Your HIPAA Compliance Officer will have a HIPAA security analyst to guide and assist them every step of the way!

For more information or to speak to someone about HIPAA Compliance call us at 877.659.2467 or use the contact us form.

©2025 Aris Medical Solutions – HIPAA Risk Management | HIPAA Compliance Consultants | All Rights Reserved | Terms and Conditions | Privacy Policy
The content and images on this website is owned by Aris Medical Solutions and their owners. Do not copy any content or images without our consent.
Powered by Bandwise LLC