Planned Parenthood Los Angeles Data Breach Coincides with Spotlight on Roe v. Wade

Elizabeth Litten
Fox Rothschild LLP
Contact
LinkedIn
Facebook
X
Send
Embed

Fox Rothschild LLP

According to this article, 2021 has been a “particularly dire year” for health care data breaches.   So, it may not seem shocking that a hacker gained access to the protected health information of approximately 400,000 Planned Parenthood Los Angeles patients in October.  What is unusual about this particular hacking incident is its timing.  Planned Parenthood Los Angeles published Notice of the incident on Wednesday, December 1, 2021, the same day the U.S. Supreme Court heard oral argument on the controversial issue in the highly publicized case of Dobbs v. Jackson Women’s Health.

As described in the Notice, Planned Parenthood Los Angeles acted quickly, completed an initial forensic review of affected data in less than 3 weeks, and published the Notice less than 45 days after discovery.  Yet, Planned Parenthood Los Angeles now faces a class action lawsuit over the breach.

Although HIPAA does not provide a private right of action, the lawsuit alleges negligence, invasion of privacy, and violations of three California state laws: (1) the California Confidentiality of Medical Information Act, (2) the California Consumer Records Act, and (3) California’s Unfair Competition Law.

California claims aside, Planned Parenthood Los Angeles appears to taken its HIPAA breach notification obligations very seriously, perhaps in recognition of the need to alert women as quickly as possible of an incident involving uniquely sensitive health information.

Unfortunately, not all entities entrusted with maintaining health information, even uniquely sensitive information about women’s sexual and reproductive health, take their federal breach notification obligations as seriously. Flo Health, Inc., an app used by more than 100 million women to track personal menstruation and fertility information didn’t provide notice until reaching a settlement with the Federal Trade Commission in January 2021.  Its breach came to light as a result of an investigation by the Wall Street Journal published in February 2019.  (For more about the Flo Health breach and settlement, you can read our blog here.)

The timing of the Planned Parenthood Los Angeles incident and the legal and political spotlight on Roe v. Wade is most likely coincidental.  It serves as a stark reminder, though, that personally (and politically) sensitive information may be targeted by hackers despite the provider’s best efforts to avoid data breaches.

[View source.]

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Fox Rothschild LLP | Attorney Advertising

Written by:

Fox Rothschild LLP
Fox Rothschild LLP
Contact
more
less

Fox Rothschild LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide