The law requires companies that store personal health information or other personal information to notify all potentially affected consumers of any data breach, including what personal or confidential information, may have been disclosed.
Typically companies will send letters to all potentially affected customers notifying them of the data breach.
Data breach attacks
A typical “phishing attack” occurs when hackers send out emails, texts, or instant messages containing an attachment or a link to malware. When a recipient of the email opens the attachment or link within it, the malware is automatically downloaded onto the recipient’s computer and email network. This allows the hacker access to the company’s network and its stored data.
Hackers frequently attempt to disguise the email, text, or instant message as coming from a trusted source so the recipient will click on or open the “phishing” message. Phishing attacks are among the most common types of data breaches because of their relative simplicity.
Data breaches and privacy violations
Healthcare-related companies are frequent hacking targets due to the value that personal healthcare information possesses on the black market, along with the fact the industry has been slower to invest in cyber security than other industries.
Data breaches of personal health information can result in high costs to consumers. As a result, companies need to take cyber security seriously to prevent a data breach from happening in the first place and not merely as a post-breach remedy.
California law protects your personal information
Several federal and state laws are enacted to help ensure that companies that store personal health information and other confidential information maintain that information securely.
These include the federal Health Insurance Portability and Accountability Act (“HIPAA”), the California Confidentiality of Medical Information Act (“CMIA”), and the California Consumer Privacy Act (“CCPA”).
These statutes require companies to maintain reasonable cyber security procedures, report any breaches of personal data that occur and may require the payment of statutory damages for violations of these acts.
Data Breach Rights and Compensation
If you received a data breach notification informing you that your personal or health-related information may have been compromised in a data breach, you have important legal rights.
You may be entitled to compensation under California law, including statutory damages, as part of a class action lawsuit.
Our attorneys filed and helped prosecute the first consumer class action lawsuits over internet privacy and security. We are dedicated to helping consumers harmed by privacy violations.