Stanford to defend itself against class action suit on data breach

A purported class action lawsuit was filed against Stanford Hospital & Clinics (SHC) and outside vendor Multi-Specialty Collection Services (MSCS) on grounds that MSCS caused some confidential information about patients who visited Stanford Hospital’s emergency room to be posted on a website. “SHC intends to vigorously defend the lawsuit that has been filed as it acted appropriately and did not violate the law as claimed in the lawsuit,” an Oct. 3 statement from the Stanford, Calif.-based provider stated.

“SHC takes very seriously its obligation to treat its patient information as private and confidential. As soon as this was brought to SHC’s attention by a patient, the hospital demanded and had the spreadsheet taken down from the website and backup servers,” the organization continued.

MSCS provided business and financial support to SHC and was operating under a contract with SHC that required it to protect the privacy of the patient information sent to it, according to SHC, who continued that it sent data to MCSC in an encrypted format.

SHC’s investigation of the incident determined MSCS prepared an electronic spreadsheet from data that had the names, addresses and diagnosis codes of almost 20,000 patients. “Unfortunately, MSCS improperly sent the spreadsheet it had created to a third person who was not authorized to have that information and who improperly posted it on a website, apparently to get assistance in generating a graph from MSCS’s spreadsheet,” the statement  read. “This mishandling of private patient information was in complete contravention of the law and of the requirements of MSCS’s contract with SHC and is shockingly irresponsible.”

The affected patients were notified of this breach and SHC offered to provide free identity protection services to all the patients. To date there is no evidence that anyone saw this information on the website and improperly used it for fraudulent or any other improper purpose, SHC asserted.

SHC has terminated its relationship with MSCS and reported this breach to law enforcement authorities. “SHC regrets that its patients’ confidentiality was breached and is committed to protecting the health and privacy of all of its patients,” the facility concluded.

Around the web

The tirzepatide shortage that first began in 2022 has been resolved. Drug companies distributing compounded versions of the popular drug now have two to three more months to distribute their remaining supply.

The 24 members of the House Task Force on AI—12 reps from each party—have posted a 253-page report detailing their bipartisan vision for encouraging innovation while minimizing risks. 

Merck sent Hansoh Pharma, a Chinese biopharmaceutical company, an upfront payment of $112 million to license a new investigational GLP-1 receptor agonist. There could be many more payments to come if certain milestones are met.