State AGs Intensify Scrutiny on Major Healthcare Data Breaches
State AGs investigate Change Healthcare and Inmediata breaches affecting millions.
Why it matters: Healthcare companies face heightened compliance scrutiny, risking penalties and operational impacts. Legal advisors need to navigate complex multistate investigations and settlements.
- Nebraska AG Hilgers focuses on Change Healthcare breach impacting 21 million individuals.
- 50 AGs secured a $52M settlement with Marriott over a previous data breach.
- Multistate investigations often led by executive committees indicate collective enforcement.
- New York initiated four HIPAA enforcement actions in 2024.
State attorneys general are targeting major breaches like the Change Healthcare incident involving 21 million people. This breach, under Nebraska AG Mike Hilgers' leadership, underscores potential violations of consumer protection laws.
These probes highlight a trend in collaborative state efforts tackling large-scale data breaches. The recent $52 million settlement with Marriott shows the power of 50 AGs working in unison. Similarly, the Inmediata breach involved 32 AGs, culminating in a $1.4 million settlement.
Typically guided by executive committees, such as in the CHS investigation that affected 6.1 million patients, these cooperative efforts signify potent state enforcement.
Healthcare companies must brace for increased compliance checks and enhanced data security practices. Legal advisors play a crucial role, deciphering multistate actions and strategizing to avert severe liabilities and reputational damage.
By the numbers:
- 21 million โ Individuals affected by the Change Healthcare breach.
- $52 million โ Settlement amount from Marriott data breach resolution.
Yes, but: Smaller healthcare entities may lack resources to meet increased compliance demands.