New state law will offer added protections for victims of data breaches

Harrisburg, Pa. — A new state law will help protect consumers impacted by data breaches.

Act 33 of 2024 requires an impacted organization to provide a free credit report and one year of credit monitoring to affected consumers. It also strengthens notification requirements and mandates notification of the Pennsylvania Office of Attorney General if a data breach occurs in the Commonwealth, according to the state legislature. The new law received unanimous support in both the House and Senate, according to a capitol update.

The measure would cover instances in which an individual’s first and last name or first initial and last name have been accessed in combination with any of the following information: Social Security number, bank account number, or driver’s license or state ID number.

A record 3,122 data breaches occurred nationally in 2023, affecting hundreds of millions of Americans and costing billions of dollars, according to the Identity Theft Resource Center. It marked a 72% increase in data compromises from the previous all-time high in 2021.

In June, Geisinger Medical Center reported a breach that may have exposed the personal information of over one million patients by a employee of the hospital's information technology vendor who had been terminated.

Law enforcement investigators asked Nuance, the IT vendor, to delay notifying patients of this incident until June, saying information about the leak might have hindered their investigation. The former Nuance employee has been arrested and is facing federal charges.

According to Beckershospitalreview.com , former patients are joining a class action lawsuit filed against Geisinger asking for compensation following the announced data breach that affected around one million patients.

Court documents show James Wierbowski, a former Geisinger patient, filed the lawsuit June 28, and is seeking "appropriate monetary relief," which could equal more than $5 million, WJAC reported.

The law will take effect in late September.