St. Joseph Health Settles Class Action Data Breach Lawsuit | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

St. Joseph Health Settles Class Action Data Breach Lawsuit

March 16, 2016
by Heather Landi
| Reprints
Click To View Gallery

Irvine, Calif.-based St. Joseph Health System has settled a class action lawsuit filed by two plaintiffs after the breach of 31,800 patient health records in 2012, as reported by the Orange County Register. The settlement, finalized last month in California Superior Court in Orange County, provides a total cash payment of $7.5 million to participating settlement class members, 31,074 plaintiffs, who will each receive roughly $241.

Healthcare Informatics obtained a copy of the court document through the webpage,, posted on the website of Kurtzman Carson Consultants (KCC), a class action settlement administrator.

The court document indicates that on February 13, 2012, St. Joseph Health System sent letters to approximately 31,802 of its patients, notifying them that it had inadvertently made their personal health information publicly accessible on the Internet, which allowed outside search engines to have access to the information. The information was accessible for a year, from February 2011 to February 2012.

“The letter stated that the type of information accessible included the following: diagnoses lists, active medication lists, lab results, medication allergies, body mass index (BMI), blood pressure, smoking status, advance directive status and demographic information, including spoken language, ethnicity, race, gender and birth date,” the court document stated.

The court documents state the in the lawsuit plaintiffs alleged that four causes of action by the health system led to the data breach: violation of the Confidentiality of Medical Information Act (CMIA); negligence; money had and received; and violation of the California Unfair Competition Law (UCL), California Business and Professionals Code, Section 17200. However, the court documents do not indicate how the patient health data become searchable on internet search engines.

And, the court documents indicates that a $3 million fund has been established to cover identity theft losses resulting from the exposure of patient health data. Each patient can apply for up to $25,000 if they suffered identity theft losses as a result of the data breach.

The court documents also indicate that St. Joseph also offered one year of identity theft and credit monitoring to 31,802 patients affected by the breach, which totaled $4.5 million. And, the health system spent $13 million to institute policies to comply with state and federal authorities and instituting numerous security-related remedial measures. And, St. Joseph also must pay $7.4 million in attorney’s fees and costs.

According to the article in the Orange County Register, the breach primarily involved patients of St. Jude Medical Center in Fullerton and Mission Hospital in Mission Viejo and Laguna Beach. But roughly one-third of the patients were treated at other St. Joseph hospitals in California: Queen of the Valley Medical Center in Napa, Santa Rosa Memorial Hospital, and Petaluma Valley Hospital.

The Orange County Register article also cited a statement released by the health system in which St. Joseph Health System leadership said they regretted “any undue concern to our patients” and said addresses, Social Security numbers and financial data were not released. The health system also said the information was removed from search engines.

“Additionally since the situation was discovered, we have invested in a number of initiatives to ensure the continued security of patient data, including enhanced data security infrastructure. These measures and more are intended to provide for the safety and security of our patients’ information,” the statement from St. Joseph Health System said, as quoted by the Orange County Register.

Get the latest information on Health IT and attend other valuable sessions at this two-day Summit providing healthcare leaders with educational content, insightful debate and dialogue on the future of healthcare and technology.

Learn More



Healthcare Execs Anticipate High Cost Returns from Predictive Analytics Use

Healthcare executives are dedicating budget to predictive analytics, and are forecasting significant cost savings in return, according to new research from the Illinois-based Society of Actuaries.

Adam Boehler Tapped by Azar to Serve as Senior Value-Based Care Advisor

Adam Boehler, currently director of CMMI, has also been named the senior advisor for value-based transformation and innovation, HHS Secretary Alex Azar announced.

Vivli Launches Clinical Research Data-Sharing Platform

On July 19 a new global data-sharing and analytics platform called Vivli was unveiled. The nonprofit group’s mission is to promote, coordinate and facilitate scientific sharing and reuse of clinical research data.

Survey: More Effective IT Needed to Improve Patient Safety

In a Health Catalyst survey, physicians, nurses and healthcare executives said ineffective information technology, and the lack of real-time warnings for possible harm events, are key obstacles to achieving their organizations' patient safety goals.

Physicians Still Reluctant to Embrace Virtual Tech, Survey Finds

While consumers and physicians agree that virtual healthcare holds great promise for transforming care delivery, physicians still remain reluctant to embrace the technologies, according to a new Deloitte Center for Health Solutions survey.

Geisinger, AstraZeneca Partner on Asthma App Suite

Geisinger has partnered with pharmaceutical company AstraZeneca to create a suite of products that integrate into the electronic health record and engage asthma patients and their providers in co-managing the disease.