Delivery alert

There may be an issue with the delivery of your newspaper. This alert will expire at NaN. Click here for more info.

Recover password

Las Vegas hospital sued after huge patient ID theft

ALBUQUERQUE, N.M. — A San Miguel County woman filed a lawsuit seeking class-action status against a Las Vegas, N.M., hospital and its parent company alleging the firm negligently allowed hackers to steal her personal information, along with that of millions of other patients nationwide.

The lawsuit alleges that the Tennessee-based parent company of Alta Vista Regional Hospital and five other New Mexico hospitals failed to properly protect and encrypt patient data, including Social Security numbers and possibly credit card numbers.

The company, Community Health Systems, Inc., reported to the U.S. Securities and Exchange Commission in August that computer hackers in China bypassed the company’s security systems and stole data affecting some 4.5 million patients.

The theft likely occurred in April and June and included patient names, addresses, birth dates, telephone numbers and Social Security numbers, the company reported. Hackers did not obtain patient credit card information, the company told the SEC.

Tomi Galin, a spokeswoman for Community Health System, said in a written statement Friday that the firm would not comment on pending litigation.

CHS is one of the nation’s largest publicly traded hospital companies with 207 hospitals in 29 states, according to the company’s website.

In New Mexico, the firm also owns Carlsbad Medical Center in Carlsbad, Eastern New Mexico Medical Center in Roswell, Mimbres Memorial Hospital in Deming, Mountain View Regional Medical Center in Las Cruces, and Lea Regional Medical Center in Hobbs.

The suit, filed by the Branch Law Firm, alleges that Briana Brito, a patient at the Las Vegas hospital, was among those whose personal data was stolen, according to the lawsuit filed Sept. 19 in the Fourth Judicial District Court in Las Vegas.

Brito was unable to take steps to protect herself from financial harm because the firm had “taken no action to promptly notify their patients” of the theft, it alleges.

The suit asks a judge to require the company to provide Brito with consumer credit protection and insurance, and to pay restitution for any losses from identity theft. It also asks for unspecified damages.

Brito “now faces a substantial increased risk of identity theft, if not actual identity theft,” the suit said.

Branch, with offices in Albuquerque, Houston and Washington, D.C., joined Slack & Davis, a Texas-based law firm, to file the court action seeking class-action status.