We read this morning that Labcorp shareholder Raymond Eugenio has filed a lawsuit against Labcorp and it's leadership team in the Delaware state court. That a lawsuit is filed by a shareholder or breached patient isn't new news; there are a handful of Labcorp civil lawsuits already and Labcorp has reported spending $119M for breach response and mitigation alone, following being impacted by 2019's American Medical Collection Agency breach. It's the allegation that a second breach has occurred and has gone unreported. This is HUGE news considering that Labcorp was part of the largest reported last year - and firmly in the spotlight. Not surprising is that the lawsuit also seeks to add an executive position to oversee Labcorp's information security.
We know that some healthcare organizations and their business associates choose to not report breaches, either because they've failed to perform due diligence to understand their regulatory requirements or because they fear the fallout of reporting a breach. We hope that the allegations against Labcorp are misguided or mistaken about an unreported breach and that Labcorp is making the changes necessary to protect their patient's information. What we don't understand is why lawsuits and data breaches seem to drive these corrective actions with much cost and loss to all involved.
The lawsuit document is linked to the graphic below.
Stay (HIPAA) Safe,