CareFirst Asks the Help of Supreme Court to Sort Out Data Breach Lawsuit

Hackers attacked the CareFirst BlueCross BlueShield database in 2014 and accessed the protected health information of 1.1 million members. The information exposed included names, birth dates, email addresses and subscriber ID numbers. Following the breach, plaintiffs filed lawsuits seeking damages for the risk of identity theft and fraud because of the breach.

The U.S. District Court for the District of Columbia dismissed the Chantal Attias vs. Carefirst, Inc. in 2016 for lack of standing. Two federal district courts also dismissed other complaints. But the case was revived on August 1, 2017 when the U.S. District Court for the District of Columbia allowed the case to proceed despite the lack of concrete, identifiable injury to plaintiffs.

Carefirst submitted a motion for a stay to have an appeal filed with the Supreme Court. On the first week of September, the U.S. District Court for the District of Columbia granted a 90-day stay pending the filing of a Petition for Writ of Certiorari with the U.S. Supreme Court, seeing that there was a ‘good cause’ and a need to answer a “substantial question.”

The motion submitted by CareFirst reasoned that the Supreme Court still needs to examine the issue of standing within the context of a data breach. The Supreme Court needs to hear the case to guide the federal district and appellate courts in sorting cases where a cognizable injury-in-fact has been sustained and the plaintiffs are not able to allege real or immediate harm.

The federal district and appellate courts struggled to reach consensus whether the prospect of future injury resulting from a data breach constitutes a substantial risk of actual harm. Should the district court decide to proceed with the case, it would encourage lawsuits following data breaches without allegations of real or immediate harm. Carefirst hopes to get the Supreme Court’s consideration for a grant of certiorari.

About James Keogh 144 Articles
James Keogh has been writing about the healthcare sector in the United States for several years. With several years of covering healthcare topics, he has developed expertise in HIPAA-related issues, including compliance, patient privacy, and data breaches. His work is known for its thorough research and accuracy, making complex legal and medical information accessible . James's articles are valuable resources for healthcare professionals and have been featured in reputable publications. You can follow James on Twitter https://x.com/JamesKeoghHIPAA and contact James on LinkedIn https://www.linkedin.com/in/james-keogh-89023681.