Veciana v. Community Health Systems, Inc., No. 8:14-cv-02893 (M.D. Fla., filed Nov. 19, 2014)

In September and October, we reported that five putative class actions had been filed against hospital operator Community Health Systems and various local hospitals following a data breach affecting 4.5 million patients. Four of the suits, filed in AlabamaMississippiNew Mexico, and West Virginia followed the same model, with many identical paragraphs. The plaintiffs in these suits claim that they suffered damages because a portion of their payments to the hospitals was “intended to pay for the administrative costs of data security” and the data security was allegedly inadequate.  In addition, the plaintiffs claim that they suffered damages because they will be forced to incur the cost of credit monitoring.   

A fifth suit, filed in Pennsylvania, focuses on an alleged discrepancy between Community Health’s level of data protection and the “express promises” in its privacy policy, code of conduct, and statement of patient rights.

On November 19, a sixth suit was filed in Florida, modeled on the Alabama, Mississippi, New Mexico and West Virginia complaints. Like those complaints, the Florida complaint alleges claims for breach of express and implied contract, breach of implied covenant of good faith and fair dealing, unjust enrichment, money had and received, negligence, negligence per se, wantonness, invasion of privacy, and violations of the Fair Credit Reporting Act.