Skip to main content

Nixon Peabody LLP

  • People
  • Capabilities
  • Insights
  • About
Trending Topics
    • People
    • Capabilities
    • Insights
    • About
    • Locations
    • Events
    • Careers
    • Alumni
    Practices

    View All

    • Affordable Housing
    • Community Development Finance
    • Corporate & Finance
    • Cybersecurity & Privacy
    • Entertainment & Media
    • Environmental
    • Franchising & Distribution
    • Government Investigations & White Collar Defense
    • Healthcare
    • Intellectual Property
    • International Services
    • Labor, Employment, and Benefits
    • Litigation
    • Private Wealth & Advisory
    • Project Finance
    • Public Finance
    • Real Estate
    • Regulatory & Government Relations
    Industries

    View All

    • Aviation
    • Cannabis
    • Consumer
    • Energy
    • Financial Services
    • Healthcare
    • Higher Education
    • Infrastructure
    • Manufacturing
    • Nonprofit Organizations
    • Real Estate
    • Sports & Stadiums
    • Technology
    Value-Added Services

    View All

    • Alternative Fee Arrangements

      Developing innovative pricing structures and alternative fee agreement models that deliver additional value for our clients.

    • Continuing Education

      Advancing professional knowledge and offering credits for attorneys, staff and other professionals.

    • Crisis Advisory

      Helping clients respond correctly when a crisis occurs.

    • DEI Strategic Services

      Providing our clients with legal, strategic, and practical advice to make transformational changes in their organizations.

    • eDiscovery

      Leveraging law and technology to deliver sound solutions.

    • Environmental, Social, and Governance (ESG)

      We help clients create positive return on investments in people, products, and the planet.

    • Global Services

      Delivering seamless service through partnerships across the globe.

    • Innovation

      Leveraging leading-edge technology to guide change and create seamless, collaborative experiences for clients and attorneys.

    • IPED

      Industry-leading conferences focused on affordable housing, tax credits, and more.

    • Legal Project Management

      Providing actionable information to support strategic decision-making.

    • Legally Green

      Teaming with clients to advance sustainable projects, mitigate the effects of climate change, and protect our planet.

    • Nixon Peabody Trust Company

      Offering a range of investment management and fiduciary services.

    • NP Capital Connector

      Bringing together companies and investors for tomorrow’s new deals.

    • NP Second Opinion

      Offering fresh insights on cases that are delayed, over budget, or off-target from the desired resolution.

    • NP Trial

      Courtroom-ready lawyers who can resolve disputes early on clients’ terms or prevail at trial before a judge or jury.

    • Social Impact

      Creating positive impact in our communities through increasing equity, access, and opportunity.

    • Women in Dealmaking

      We provide strategic counsel on complex corporate transactions and unite dynamic women in the dealmaking arena.

    1. Home
    2. Insights
    3. Articles
    4. Community Health Systems settles class action over 2014 data breach

      Articles

    Article

    Community Health Systems settles class action over 2014 data breach

    Feb 7, 2019

    LinkedInX (Twitter)EmailCopy URL
    Community Health Systems (“CHS”), an operator of general acute care hospitals based in Franklin, Tennessee, reached a settlement in a class action lawsuit over a 2014 data breach.

    Earlier this week, Community Health Systems (“CHS”), an operator of general acute care hospitals based in Franklin, Tennessee, reached a settlement in a class action lawsuit over a 2014 data breach. The breach, which took place in April and June 2014, affected 4.5 million patients and has been ranked as one of the largest health care data breaches in history.

    The breach

    Court records in the lawsuit allege that a criminal organization from China carried out the cyberattack in April and June 2014 using the Heartbleed Bug.[1] The stolen information included patients’ names, birth dates, addresses, telephone numbers, employer information and social security numbers taken from the health records system at CHS and from certain CHS-affiliated physician practices and clinics.

    Although CHS publicly announced the attack in August 2014, sixteen (16) former patients allege that CHS took no efforts to increase cybersecurity protections to their software system after discovering the attack in April 2014. According to court records, the suit also alleges that CHS kept sensitive patient data on a “test server,” leaving much of the information largely exposed. In the wake of the cyberattack, several lawsuits were filed and eventually consolidated in 2015.

    The settlement

    The settlement agreement, which is pending approval by a judge at an August 13 fairness hearing, provides two types of payments to affected patients. First, each patient would be entitled to a maximum of $250 for the cost of out-of-pocket expenses for actions taken to deal with the breach, such as credit and identity monitoring services used between August 18, 2014, and August 1, 2019. The out-of-pocket expenses also serve to account for up to five (5) hours of time spent by each patient dealing with the breach calculated at the rate of $15 per hour. Second, any patient who was the victim of fraud or identity theft as a result of the breach would be entitled to up to $5,000. The settlement agreement imposes a cap on claims paid at $3.1 million.

    If the agreement is approved, affected patients may submit a claim to be included in the settlement by August 1. The settlement agreement attempts to deal creatively with a common issue in data breach class action lawsuits, namely, how to effectively quantify the harm suffered by the victims. Many settlement agreements in such cases do not result in monetary damages received by the victims, but rather set out large expenditures on the part of the company to be used for credit monitoring and fraud resolution services. Whether the model used in CHS’ settlement agreement succeeds in reimbursing the victims remains to be seen.

     



    [1] The Heartbleed Bug is a bug in the widely used cryptographic software library known as Open SSL. Google discovered the Heartbleed Bug in April 2014.

    The foregoing has been prepared for the general information of clients and friends of the firm. It is not meant to provide legal advice with respect to any specific matter and should not be acted upon without professional counsel. If you have any questions or require any further information regarding these or other related matters, please contact your regular Nixon Peabody LLP representative. This material may be considered advertising under certain rules of professional conduct.

    Subscribe to stay informed of the latest legal news, alerts, and business trends.Subscribe

    • People
    • Capabilities
    • Insights
    • About
    • Locations
    • Events
    • Careers
    • Alumni
    • Cookie Preferences
    • Privacy Policy
    • Terms of Use
    • Accessibility Statement
    • Statement of Client Rights
    • Purchase Order Terms & Conditions
    • Nixon Peabody International LLC
    • PAL
    © 2025 Nixon Peabody. All rights reserved