Negligent Cybersecurity Lawsuits: the Next Frontier

Traditional negligent security lawsuits focus on what happens in the physical world. But what about security breaches that occur in the digital world? In many situations, inadequate cybersecurity can have very real, tangible effects on our lives. Our data may be stolen, compromising private information and damaging our reputations. Our financial data may be hacked, causing us to lose considerable assets. Even our very identities may be stolen and used for fraudulent activities. All of these criminal acts can occur entirely within the digital world. So, what happens when the companies we trust fail to protect us?

In an era in which ransomware attacks and data breaches are becoming increasingly common, many companies are doing the right thing. These organizations are increasing their cybersecurity budgets and striving to protect their customers from attacks. Other companies are opting for cybersecurity insurance, which allows them to pay out considerable funds to those who suffer damages in the case of a breach. However, numerous companies are still not doing enough to protect innocent people against hackers.

If you have suffered damages as a result of inadequate security, you should get in touch with an experienced attorney as soon as possible. Our legal professionals can help you pursue justice as well as a settlement that covers all of your damages. Whether the criminal attacks occurred in the physical or digital world, you deserve to hold negligent parties accountable.

Scripps Health Sued in California

If you think that a negligent cybersecurity lawsuit is a little far-fetched, consider the fact that Scripps Health was recently sued in California. Not only are cybersecurity lawsuits heard by courts in California, but they are also taken quite seriously. In June of 2021, it was reported that patients were suing Scripps Health for failing to protect their data. The system was responsible for securing medical data across five different hospitals, and records of more than 150,000 patients were stolen.

Although Scripps Health notified patients who had their data stolen, this was not enough to satisfy the hundreds of thousands of people who were affected. These individuals were rightfully concerned that their personal information had suddenly been made public, and they decided to take legal action against the system and its managers. In fact, Scripps Health is now facing several class-action lawsuits.

The lawyers representing these plaintiffs argued that Scripps Health should have known that this data was vulnerable. They also claim that the company did nothing to address vulnerabilities in their system, despite multiple warnings and alerts that the data was not properly secured. Finally, the plaintiffs argue that Scripps Health should have been aware of the heightened threat due to the rise in ransomware and general cyberattacks during this period. In total, plaintiffs and class members stand to receive damages of up to $3,000 each.

How Does Negligent Cybersecurity Result in “Injuries?”

At first glance, it might seem a little strange to file a personal injury claim for harm that has resulted from a cyberattack. After all, cyberattacks occur in the digital world and cannot physically harm you. There are some notable exceptions, of course, such as a cyberattack that results in a hospital losing power, killing people on life support. For the most part, however, most data breaches and cyberattacks do not result in physical injuries.

So, how can you file a personal injury claim if no physical injury has occurred? In the legal world, the term “injury” can refer to a wide range of damages, and not just physical ones. An “injury” can include a number of different things. The classic example of a non-physical injury is an emotional or mental one. For example, a person could claim that a car accident had left them with PTSD, preventing them from living a normal life in the future.

In the context of negligent cybersecurity claims, these injuries can also be wide-ranging. If someone’s financial data is stolen by hackers, they may suffer financial losses. These can also be classified as “injuries.” Someone might also claim that the platform or company’s inability to secure their data shows a diminished value of services. In other words, the person who was hacked didn’t get what they paid for, and they received a terrible service that resulted in more harm than good.

In the above lawsuit involving Scripps Health, one of the main injuries suffered by plaintiffs was damage to their reputation. By allowing private, confidential health records to be published and lost, Scripps Health could potentially cause serious embarrassment for hundreds of thousands of people. Most of us do not want the intimate details of our medical appointments shared with the general public. Think about how this might impact your future career opportunities. Consider the possibility of someone using this information to blackmail you, especially if you become a public figure in the future.

That being said, plaintiffs experience notable challenges when filing a personal injury claim when no one has suffered any physical injuries. You always stand a much better chance of a positive legal outcome if you can show the court that you have been physically injured, as these types of injuries are almost impossible to deny. Medical records and receipts for medical expenses are clear evidence that someone has been harmed. Other injuries are generally more difficult to prove with conclusive proof.