Tri-City Healthcare Class Action: Data Breach Exposed Patient Information

Case Overview: A class action lawsuit has been filed against Tri-City Healthcare District, alleging that it failed to protect the personal and health information of its patients and employees, leading to a data breach that exposed sensitive information. 

Consumers Affected: Individuals residing in the United States whose private information was compromised in the Tri-City Healthcare data breach.

Court: U.S. District Court for the Southern District of California

Tri-City Healthcare District, operating as Tri-City Medical Center, is facing a class action alleging it failed to protect the personal and health information of its patients and employees. 

Filed by Rachel Pontius in a California federal court, the legal action stems from a data breach that the healthcare district discovered on November 9, 2023. Pontius claims Tri-City Healthcare not only failed to prevent the breach but also waited far too long to notify those affected, increasing the risk of harm.

Pontius, a resident of Oceanside, California, alleges that the breach compromised her personal and health information, including her name, Social Security number, address, date of birth, medical treatment and diagnosis information, health insurance information, and treatment costs. 

She claims this information was accessed and potentially misused by unauthorized individuals due to the healthcare district's inadequate security practices.

Tri-City Healthcare Failed to Protect Patient Data and Delayed Breach Notification, Lawsuit Claims

The lawsuit claims Tri-City Healthcare failed to implement appropriate cybersecurity measures to protect sensitive patient and employee data. It alleges the healthcare district did not have sufficient safeguards in place to prevent unauthorized access to its information systems, allowing malicious actors to infiltrate its network and steal data.

Furthermore, the lawsuit criticizes Tri-City Healthcare for the nearly year-long delay in notifying affected individuals about the data breach. Although the breach was discovered on November 9, 2023, the healthcare district did not begin notifying affected individuals until September 27, 2024. 

This delay, Pontius argues, exacerbated the harm by preventing people from taking timely action to protect themselves from potential identity theft, fraud, and other misuse of their personal information.

Data Breach Exposed Sensitive Information of Over 100,000 Individuals

Court documents indicate the data breach affected 108,149 individuals. The compromised information included a range of sensitive data, including names, Social Security numbers, addresses, dates of birth, medical treatment and diagnosis information, health insurance information, and treatment costs.

This data breach raises serious concerns about the potential consequences, including the risk of identity theft, financial fraud, and medical identity theft. Individuals affected by the breach now face an increased risk of these harms and may need to take extensive measures to protect themselves.

“Plaintiff and Class Members are at a heightened risk of identity theft for years to come, especially because Defendant’s failures resulted in Plaintiff’s and Class Members’ Social Security number falling into the hands of identity thieves,” the lawsuit argues. 

Lawsuit Alleges Negligence and Violations of FTC Act and HIPAA

Pontius accuses Tri-City Healthcare of negligence in handling patient and employee data. She alleges that the healthcare district failed to implement reasonable security measures to protect this sensitive information, did not comply with industry standards and best practices for data security, and did not have adequate incident response and business continuity plans in place.

She also claims that Tri-City Healthcare violated the Federal Trade Commission Act and the Health Insurance Portability and Accountability Act (HIPAA) by failing to implement reasonable data security practices and protect the privacy of health information.  

Data Breaches and Lawsuits on the Rise in the Healthcare Industry

This case against Tri-City Healthcare District is not an isolated incident. Data breaches have become a growing concern in the healthcare industry, with numerous healthcare providers facing similar challenges in protecting patient and employee information. The rise in breaches has also led to an increase in legal action against healthcare organizations, as individuals seek to hold them accountable for lapses in data security.

Recent examples include lawsuits against Hospital Sisters Health System and Kaiser Permanente, where plaintiffs allege that inadequate security measures and unauthorized data sharing with tech companies like Google and Microsoft compromised the personal information of millions of patients.

In addition to these large-scale breaches, smaller healthcare providers have also faced legal challenges. Summit Laboratory, an independent pathology provider, was sued in October 2024 following a data breach that allegedly exposed sensitive personal and medical information. Similarly, Coastal Orthopedics, SouthCoast Medical Group, and Justice Resource Institute are facing lawsuits over data breaches that allegedly left patients vulnerable to identity theft and fraud.

Even major healthcare industry players like Change Healthcare are not immune to legal scrutiny. The company has been hit with more than 50 lawsuits following a significant data breach earlier this year.

In the Tri-City Healthcare data breach class action lawsuit, Pontius seeks to represent all individuals residing in the United States whose private information was compromised in the data breach. She demands various forms of relief, including monetary damages to compensate for the harm caused by the breach, restitution, and an order requiring Tri-City Healthcare to improve its data security practices and comply with relevant laws and regulations.

She also seeks an order requiring Tri-City Healthcare to provide credit monitoring and identity theft protection services to all affected individuals.

Case Details

• Lawsuit: Pontius v. Tri-City Healthcare District
• Case Number: 3:24-cv-01953
• Court: U.S. District Court for the Southern District of California

Plaintiffs' Attorneys

• Christopher M. Burke, Walter W. Noss, and Yifan (Kate) Lv (Korein Tillery PC)
• J. Gerard Stranch, IV and Grayson Wells (Stranch Jennings & Garvey, PLLC)

Were you affected by the Tri-City Healthcare data breach? Share your experience in the comments below.