KNOXVILLE, Tenn. — UPDATE: SEPT. 21: A former patient and a minor patient of East Tennessee Children's Hospital have voluntarily dropped a lawsuit they filed in June against the hospital over a spring data breach.
With the voluntary dismissal, attorneys indicated each side would cover their own fees and costs.
They filed notice July 20 in U.S. District Court that they were dismissing the suit, records show.
The case had barely started in federal court in Knoxville. The former patient and the current patient filed the action in early June.
The complaint had sought class action status.
PREVIOUS STORY: The East Tennessee Children's Hospital is facing a lawsuit after plaintiffs said their data is at risk following a data breach in March 2022.
The lawsuit claims that the hospital was negligent in how it handled the data breach. It claimed that the ETCH learned about the data breach on March 14, but did not publicly acknowledge it until May 19.
The plaintiffs include a former and current patient at the hospital who said they spent hours monitoring their personal accounts to make sure they do not become victims of fraud or identity theft. The lawsuit said that the hospital failed to safeguard the personally identifiable information of around 422,500 patients, as well as their personal health information.
The information at risk includes names, addresses, dates of birth, health insurance information and social security numbers, according to the lawsuit. The hospital said in late May that it sent out notices to people if their information was identified to be at risk.
In those notices, the hospital said it is offering 12 months of identity monitoring services for anyone who could be impacted.
The lawsuit claims that personal health information has been referred to as "a treasure trove for criminals" and said that thieves who steal it can have up to ten personal identifying characteristics of a person. It also said that all-inclusive health insurance dossiers can sell for up to $1,300 on dark net marketplaces.
It also said thieves can sell healthcare records for 50 times the price of a stolen Social Security number or a credit card number. The plaintiffs said that now with their information possibly leaked, they were worried about thieves opening credit cards, loans, opening utilities, getting a phone and opening bank accounts in their name.
They also said they were worried criminals may use victims' information if they are arrested or take court action.
Officials with East Tennessee Children's Hospital said they could not comment on pending lawsuits. However, they released a statement. It is below.
"Along with providing outstanding patient care, the confidentiality, privacy, and security of information within our care are among East Tennessee Children’s Hospital’s highest priorities. Upon identifying this incident, we promptly took steps to secure our systems and investigate the full scope of the event.
We are also reviewing and strengthening existing policies, procedures, and safeguards related to cyber security and have already taken additional steps to further enhance the security of our systems. We notified federal law enforcement of this incident, as well as appropriate state and federal regulators.
We also mailed notices with information about the incident to those individuals for whom we have address information and, as an added precaution, we are providing individuals with credit monitoring and identity theft protection services at no cost. Information on the services and instructions on how to enroll in these services is included in the letter mailed to individuals.”