The US Supreme Court has declined to hear a potentially precedent-setting case concerning a privacy breach that exposed the information of 1.1 million CareFirst Blue Cross Blue Shield subscribers in 2014.
Last year, the US Court of Appeals in the District of Columbia ruled that a class action lawsuit against CareFirst could move forward. That panel of three judges agreed that there was a risk of potential harm to CareFirst members in light of the breach. In their appeal to the Supreme Court, CareFirst argued that the appellate court’s opinion set a “dangerous precedent” as far as defining harm to patients, Fierce Healthcare reported, noting that lower circuit courts will be left with having to grapple with defining the level of harm.
Christopher Nace, an attorney who represents the plaintiffs in the CareFirst case, told Fierce Healthcare, “When you consider all of the Americans who have had their data exposed, it is important that corporate America understands that if they do not take reasonable steps to protect citizens’ data, they will be held responsible in our courts.
Further, Nace said that inaction by the Supreme Court “simply indicates that our courts will provide citizens a venue to hold corporations accountable when they fail to take reasonable precautions to protect our data.”
Security experts warn that large-scale breaches will continue to occur and that identity theft will continue to be a problem in healthcare and other industries and force higher courts to act.