Sony Corporation has agreed to pay an undisclosed sum of money as part of a settlement stemming from a massive data breach that occurred in 2014.
Reports indicate that a class-action lawsuit was filed in federal court on behalf of 50,000 some current and former Sony employees, all of whom had sensitive personal data exposed during the breach. In the lawsuit, the plaintiffs allege that Sony failed to implement proper safeguards as required by the Health Insurance Portability and Accountability Act (HIPAA) of 1996.
You might be wondering why Sony is even impacted by HIPAA. After all, isn't HIPAA limited strictly to healthcare providers and insurers? Granted, the focus of HIPAA is on healthcare entities, but Sony's data breach involved the unauthorized access of medical data from tens of thousands of its employees. This means the Sony is essentially a “covered entity” since it maintains/stored Electronic Protected Health Information (EPHI), and like all covered entities, it must implement appropriate and meaningful safeguards to protect its data from disclosure.
Daniel C. Girard, attorney for the plaintiffs, said he believed the interests of class members will be best served if the proposed settlement it submitted to the courts for approval.
Of course, this isn't the first time a non-healthcare provider has been sued for health-related data breaches. The EEOC filed a lawsuit against Orion for violating the American with Disabilities Act recent. According to attorney for the EEOC, employers are allowed to have voluntary wellness programs, but only if they are voluntary. Forcing workers to submit to such wellness programs is against the law and thus merits a lawsuit.
“Employers certainly may have voluntary wellness programs – there’s no dispute about that and many see such programs as a positive development,” John Hendrickson, regional attorney for the EEOC Chicago district, said in a statement. “But they have to actually be voluntary. They can’t compel participation by imposing enormous penalties such as shifting 100 percent of the premium cost for health benefits onto the back of the employee or by just firing the employee who chooses not to participate.”
Sony has come under fire in recent years for being the target of numerous cyber and hack attacks. This data breach is just one of the many incidents it has suffered from.