IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

Data Breach Victim Files Lawsuit Against New Mexico Hospital

A 2020 data breach affecting nearly 69,000 San Juan Regional Medical Center patients has evolved into a class action lawsuit against the health-care provider. The suit seeks unspecified damages.

(TNS) — San Juan Regional Medical Center has been hit with a class action lawsuit over its 2020 data breach. The suit claims the hospital was negligent in its handling of patients' personal information, resulting in the exposure of health information and other sensitive private data.

The new figure of 68,792 individuals affected by the data breach that was included in the class action complaint is an exponentially larger number than the hospital disclosed earlier this year.

Plaintiff Jeremy Henderson, on behalf of himself and other affected individuals, filed a class action complaint against the Farmington hospital on Oct. 7. The lawsuit seeks unspecified damages for relief from the alleged damages.

San Juan Regional Medical Center declined to comment on the lawsuit, citing pending litigation.

The hospital has stressed in the past it has no evidence that any of the information was misused.

Santa Fe attorney Kristina Martinez along with attorneys for Mason Lietz & Klinger LLP with offices listed in Washington, D.C. and Chicago, Illinois, did not respond to a request for interview.


The hospital in June told The Daily Times that more than 500 people were affected by the data breach.

The lawsuit uses a figure of 68,792 patients that were affected.

That figure is listed on the U.S. Department of Health and Human Services Office for Civil Rights Breach Portal.

San Juan Regional Medical Center did not answer a question from The Daily Times as why the number of people affected ballooned to nearly 69,000 people.


The 50-page class action complaint levies multiple accusations against the hospital, going at times into extreme detail to describe how the unauthorized access to the hospital's network has adversely affected tens of thousands of its patients.

Henderson was notified of the data breach and that his private information was compromised in the letter dated Sept. 13, according to the lawsuit.

It was a year earlier, on Sept. 7-8, 2020, when the hospital learned "an unauthorized individual" removed information from its network.

The victims of the data breach had their names, dates of birth, addresses, email addresses and phone numbers accessed, along with Social Security numbers, financial account numbers, passport numbers, driver's license numbers, health insurance information and medical information, the lawsuit alleges.

It also claimed letters were not sent out for people with stolen Social Security numbers and financial information until Sept. 13.

"Plaintiff brings this class action lawsuit on behalf of those similarly situated to address Defendant's inadequate safeguarding of Class Members' Private Information that they collected and maintained, and for failing to provide timely and adequate notice to Plaintiff," the complaint states.

It also alleges Henderson and other impacted individuals have been exposed to substantial risk of identity theft and fraud and will have to closely monitor their medical and financial information to protect themselves.

The lawsuit also accused San Juan Regional Medical Center of failing to properly implement basic data security practices and of failing to implement safeguards required by Health Insurance Portability and Accountability Act of 1996 (HIPPA) regulations.

Henderson also argues the identity and fraud monitoring offered by the hospital for up to 12 months does not compensate those affected for time spent and damages incurred.

The complaint alleges Henderson has experienced a substantial increase in suspicious scam and spam phone calls and text messages as a result of the data breach.

©2021 Distributed by Tribune Content Agency, LLC.