Supreme Court rejects CareFirst bid to review breach case
The U.S. Supreme Court has denied Maryland-based CareFirst Blue Cross Blue Shield’s request to review its breach case, stemming from a 2014 breach that exposed the data of almost 1.1 million patients.
The class-action lawsuit against the insurance giant will head back to the Washington federal trial court, where the suit will likely proceed. The case would have been the first of its kind reviewed by the Supreme Court and would have set a precedent for future breach cases.
The Supreme Court issued its decision on Tuesday, opting not to weigh in on questions of potential harm to victims of data breaches.
CareFirst made its initial petition to the court in November, after the U.S. Court of Appeals for the District of Columbia granted the customers the right to pursue their class action lawsuit against the insurer. The ruling overturned the district court decision that said the plaintiffs didn’t suffer any actual harm.
The insurer argued in its appeal to the Supreme Court that the appellate court’s decision would set a dangerous precedent, arguing that companies from every sector would be hit with a flood of data breach lawsuits in the future.
For now, the Supreme Court’s decision leaves the definition of harm of breach victims to be decided by the lower courts.
CareFirst is not the first healthcare organization hit with a lawsuit after a data breach. Last year, Anthem reached a settlement of $115 million with 78.8 million of its customers, stemming from a 2015 data breach. Similarly, Allscripts was recently hit with a lawsuit after a ransomware attack locked providers out of their EHRs for almost a week.