Roman v. Community Health Systems, Inc., No. 3:14-cv-01705 (M.D. Pa., filed Aug. 29, 2014).

Lawson v. Community Health Systems, Inc., No. 3:14-cv-00712 (S.D. Miss., filed Sept. 11, 2014).

Glah v. Community Health Systems, Inc., No. 2:14-25783 (S.D. W. Va., filed Sept. 15, 2014).

Brito v. Alta Vista Regional Hospital, No. 412-CV-201400316 (N.M. Dist. Ct., filed Sept. 19, 2014).

Last month, we reported that patients had filed a putative class action in the Northern District of Alabama against hospital operator Community Health Systems following a data breach affecting 4.5 million patients. Community Health now faces four additional putative class actions in New Mexico state court and federal courts in Pennsylvania, Mississippi, and West Virginia. The BritoGlah, and Lawson complaints were all modeled on the first-filed Alverson case with many paragraphs copied word for word. With some variation between cases, the claims alleged include breach of express and implied contract, breach of implied covenant of good faith and fair dealing, unjust enrichment, money had and received, negligence, negligence per se, wantonness, invasion of privacy, and violations of the Fair Credit Reporting Act. The Brito complaint also includes a claim for violation of the New Mexico consumer fraud statute. As in Alverson, the plaintiffs claim that they suffered damages because a portion of their payments to the hospitals was “intended to pay for the administrative costs of data security” and the data security was allegedly inadequate and because they will be forced to incur the cost of credit monitoring.

The Pennsylvania Roman complaint focuses on an alleged discrepancy between Community Health’s level of data protection and the “express promises” in its privacy policy, code of conduct, and statement of patient rights. According to the complaint, this discrepancy gives rise to claims for violation of the Pennsylvania consumer fraud statute, breach of express or implied contract, and unjust enrichment. Ms. Roman alleges that she and the putative class members would have paid less for services had they known of Community Health’s “substandard” data security.