Alverson v. Community Health Systems, Inc., No. 2:14-cv-1620 (N.D. Ala., filed Aug. 20, 2014)

On August 18, Community Health Systems, an operator of 206 hospitals in 29 states, announced in a public filing that it had experienced a data breach affecting 4.5 million patients. Hackers (suspected to be from China) stole patient names, birth dates, telephone numbers, and Social Security numbers. Two days later, five patients filed a putative class action, alleging that Community Health’s failure to safeguard their data gave rise to claims for breach of express and implied contract, breach of implied covenant of good faith and fair dealing, unjust enrichment, money had and received, negligence, negligence per se, wantonness, invasion of privacy, and violations of the Fair Credit Reporting Act. The plaintiffs allege that they suffered damages because a portion of their payments to the hospitals was “intended to pay for the administrative costs of data security” and the data security was allegedly inadequate and because they will be forced to incur the cost of credit monitoring. Community Health has offered free credit monitoring for all patients affected by the breach.