Category: Consumer Protection

The most devastating fires in California’s history are still burning at the Camp Fire in Northern California and the Woolsey/Malibu Fire in Southern California —yet already there is talk about changes in California laws regarding fire liability. While consumer advocates will struggle to revoke the utilities’ ability to pass on the costs of fires, it is expected that utilities will seek immunity to further limit their exposure to liability.

Mulligan Law are investigating claims about the recent California fires. Call the number on this page, or use our Contact Form, to tell us about your experience.

Threatening to declare bankruptcy after PG&E was found responsible for previous fires, this utility company spent over $10.5 million dollars just last year lobbying the state legislature[i] with the hope of currying favorable laws. It is reasonable to assume their lobbying efforts are not at an end, and in fact, they will probably step up their efforts.

In response to lobbying, earlier this year, the California legislature enacted Senate Bill 901.  Unless amended, starting in 2019, this new state law will, under certain conditions, pass the expense of fire liability costs on to consumers and allow utilities to sell bonds to offset fire liability costs. While this new legislation won’t affect liability for the pending fires, it will give utilities a possible pass for future calamities. Before it even comes into effect, this new legislation should be amended to prevent utilities from passing the costs on to consumers.

Utility companies balk at California courts using a “strict liability” approach to hold utility companies accountable for fires caused by their equipment, regardless of negligence in maintaining the equipment. Why? Because electricity is inherently dangerous and it is well established that utility lines must be properly maintained and surrounding trees and vegetation must be frequently cleared away from power lines or devastating fires can occur. [ii]

Preliminary investigation reveals PG&E utility’s role in triggering the pending Camp Fire. This devastating fire obliterated much of Paradise and devastated surrounding Butte County, resulting in over 63 deaths, 631 or more people still missing and the destruction of over 7,600 homes–as of the time of this blog post.  What did PG&E do… or more accurately, what didn’t this utility do that contributed to the fire? The utility company neglected to clear trees that were interfering with lines, as required by law.   Just fifteen minutes before the blaze erupted, PG&E reported a power outage on an electrical transmission line in the immediate vicinity of where the fire sparked. While PG&E evaluated whether to shut down power lines in the area, it neglected to do so. To literally add insult to injury, PG&E is grossly underinsured with approximately $1.4 billion for the pending fiscal year, while some estimates for the Camp Fire exceed $15 billion dollars,[iii] or more than ten times the available insurance coverage.

Similarly, the massive Woolsey fire in Southern California was also apparently triggered by failure to clean up a contaminated utility subsite as previously contractually required. [iv]  The fire reportedly began about 1000 yards away from the site of a 1959 partial nuclear meltdown of a reactor, on property located at Santa Susana Field Laboratory (SSFL or Rocketdyne).  Two minutes before the Woolsey fire began, Southern California Edison reported an outage at its Chatsworth substation which is located at the SSFL complex, just a few hundred yards from the site of the previous partial nuclear meltdown.  This substation was originally built to provide electricity from the reactor. Just last year, the U.S. Department of Energy, NASA and the Boeing Company signed binding agreements to clean up this  contaminated SSFL site but never took any steps to do so.  While the investigation is ongoing, some maintain that the “Woolsey Fire likely released and spread radiological and chemical contamination that was in SSFL’s soil and vegetation via smoke and ash,” according to Dr. Bob Dodge, president of Physicians for Social Responsibility-Los Angeles. While all wildfire smoke can be hazardous, independent testing and air monitoring is pending to prove whether the Woolsey fire released radiation and other hazardous chemicals into the air, contributing to the fire as well as increasing risks to the public from toxic air contamination.

Given predictions for continuing Santa Ana winds and more fires in California’s future, the worst is yet to come. Unless the utility companies who contribute to devastating fires are held accountable to the families who lost lives and homes, there is no incentive for the utilities to change their ways.

If you have been affected by the California wildfires, read more HERE on how we can help. 

Janice F. Mulligan


[i] Maclachlan, Malcolm. (November 14, 2018) “Legislators to Take Up Fire Liability”  Los Angeles Daily Journal p 1

[ii] California Public Resources Code 4292, 4293 , 4435 General Order No 95(above ground electrical wires) and 165 (inspection cycle)

[iii]  Franck, Thomas (November 15, 2018) “PG&E Has Lost Half its Value This Week as Shareholders Fear utility’s role in California Wildfires”. CNBC

[iv] Duffield, Denise (November 12, 2018) “Massive Woolsey Fire Began on Contaminated Santa Susana Field Laboratory, Close to Site of Partial Meltdown” Physicians for Social Responsibility


We are years away – decades, probably – from self-driving cars comprising the majority of the vehicles on our roadways.  Until then, we will have to put up with a mix of human-piloted vehicles and autonomous ones, in varying stages of testing and refinement.

As it is, nearly 40,000 people die every year in automobile crashes on U.S. roads.  Vastly more are injured.  And given the small amount of autonomous vehicles on the road now, it’s safe to say that nearly every one of these crashes are caused by people, crashing into people or other objects.  The promise of bringing these numbers down is the primary argument of advocates of robotic cars.

And it is a compelling argument.  Once the cars are all communicating with each other, using microchips and wireless tech over simple turn signals, they will bump into each other less, right? They will operate more like cars on a train than… thousands of individual trains, right?

Yes, it makes sense that once all, or the vast majority, of cars are replaced with self-driving ones, the roads are going to get much safer. But what happens in the meantime?

A Different Kind of Driver

There is a concern that, as our highways become testing grounds for robotics technology firms, injury and fatality numbers may increase.  And the basis for that is not just that the robot cars will malfunction.  Though they have, and they will.

No, the curious twist is that autonomous cars are getting into crashes at a significant rate, even when fully functioning and obeying all traffic rules.  The implication is that the crashes are being caused precisely because the cars are obeying every rule.  And humans don’t expect it.

Sure, it’s better to program these cars on the safe side, leaning more toward stopping for no good reason, than accelerating through a crowd.  But, right or wrong, human drivers expect a more subtle approach to the rules:  Acceleration through a yellow light; rolling through a stop; speeding to pass.  Humans certainly do not expect a car at full speed to stop in the middle of the road, for no reason, “just in case.”  But that is exactly what some self-driving cars are doing.  Data from the California DMV supports the conclusion that autonomous cars are making too many unexpected stops:  When self-driving cars crash, they are most frequently rear ended.

These reports and others on autonomous vehicle crashes are collected by the California government, where much of the testing has taken place.  Kyle Vogt, co-founder and CEO at Cruise (Chevy’s self-driving project) is reported in this month’s Wired as saying the crash reports make clear that humans expect other humans to bend or break traffic rules. But his robots won’t follow suit:

“We’re not going to make vehicles that break laws just to do things like a human would.  If drivers are aware of the fact that AVs [autonomous vehicles] are being lawful, and that’s fundamentally a good thing because it’s going to lead to safer roads, then I think there may be a better interaction between humans and AVs.”


Labeling the Experiment

If we know robots drive differently than humans, and we aren’t going to change the robots, then a good start to helping humans know what to expect would be regulations requiring clear marking of autonomous vehicles.  On all sides. We know that the big rig in front of us makes wide right turns because it tells us, with a sign.  We know the postal jeep in front of us may stop at any given house because it is painted like a post office vehicle.  By contrast, many self-driving cars are indistinguishable from human-driven ones.  If the public has been involuntarily drafted as subjects for a decades-long robotics experiment on our roads, the least we deserve is notice when one is driving in our midst.


Palomar Medical Center in San Diego has just announced that the personal information of 1,300 patients was breached by an employee.  The personal information includes, name, date of birth, gender, medical record number, diagnosis and other information.  Some patients have had their health insurance information, financial data, social security and driver’s license numbers accessed.

A news story reporting the breach is here.

If you received a notice from Palomar Medical Center of this data breach, or you believe that your medical records or personal information was disclosed without your permission, you may be entitled to compensation. Call our office at the number below to discuss your rights.

For further information on your rights when a hospital fails to protect your personal information, click here:  Your Rights In Data Breach Cases.


There is an epidemic of cyber security breaches of consumer’s personal information- no doubt about it. At a fast and furious pace, cyber attacks on hospitals are seemingly coming from anywhere and everywhere. With each breach, hackers’ show increasing boldness and sophistication. Health systems have become a one-stop shop for cybercriminals who not only steal valuable credit card information, but also access even more lucrative confidential patient information. Unlike a credit card that can be cancelled, when personal health information is stolen, the stolen information is at risk of being used illicitly for the rest of the victim’s life because it contains valuable identifying information (such as social security number, birth date, employment record, family member medical history, genetic information and personal health history).

How much information is being stolen?  One recent example involves Banner Health. Over 3.7 million of Banner’s health plan members’ sensitive patient information and valuable payment card information was hijacked. Banner is only one of at least 13 reported health information data breaches that occurred in the single month of August, 2016. The numbers of patients’ personal information being hacked are staggering: For example, 655,000 Bon Secours patients were also exposed to a data breach within just days of the Banner breach.

The number of patient records violated by these recent breaches still pales in comparison to the potential number of overall health records that can be hacked in one fell swoop: In the largest healthcare breach to date, 80 million personal records were stolen from Anthem in 2013, occurring just shortly after the FBI warned that hackers are now targeting health care.

These health care providers are not alone: There have been four reported cyber-thefts of Kaiser Permanente members’ records in the last five years. Healthcare has taken the lead for the most frequently targeted industry for cyber attacks cyber attacks, (edging out even the banking industry.)

No one is immune: Every industry, person, company, and government is at risk for a cyber attack. Over half a billion personal records were stolen or lost in 2015, ransomware increased by 35%, and 9 mega-breaches occurred. Soberingly, most companies are still not reporting the full extent of their security breaches, likely due to commercial reasons. Cybercriminals function in a myriad of ways from infiltrating and paralyzing entire systems and holding them for ransom, to stealing personal data and selling it in an underground market. As economic and political opportunities continue to flourish around breached cybersecurity, so too have the opportunities in the healthcare setting.

What can a consumer whose information has been cyber-stolen do about it? For a long time, there was no remedy. Fortunately, times are changing and there are potential remedies available:

  1. California Medical Information Act

California has one of the more progressive state laws protecting consumers. California Medical Information Act (CMIA). California Civil Code Section 56 et seq. provides:

“No health care provider can disclose or release medical data about a patient without authorization.”

A $4.1 million dollar settlement was paid by Stanford Hospital after 20,000 patients’ bills with sensitive, private patient information was posted online.  The data was posted by Stanford’s business partner it contracted with for purposes of the patients’ emergency room bills.

Settlements under the CMIA are not always a “slam dunk” when cyber hacking of patient records occurs. The California Court of Appeals has attempted to limit liability under the CMIA in the following ways in order for a consumer to win under the CMIA :

     (a)     Disclosure of “individually identifiable information” has been required, such as the patient’s medical history, (such as mental or physical condition) or treatment. Eisenhower Medical Center v. Superior Court (Riverside County) 226 Cal.App.4th 430 (2014).

     (b)     Negligence. While some courts have required proof of negligence, the CMIA does not expressly require this. The California Supreme Court could well find that based on the legislative history, this is a strict liability statuteIn the mean time, negligence may not be difficult to prove. The U.S. Food and Drug Administration (FDA) has found that the most common causes of medical records being hacked include lax password distribution, disabled, weak and/or absent passwords, lack of updated security software and lack of encryption. Who can argue that such rookie moves in the handling of voluminous and sensitive patient information is not negligence? In fact, criminal recklessness comes to mind!

     (c)     Proof: Unauthorized person actually viewed the medical information: It is this proof that an unauthorized person actually viewed the information that has been most difficult for a consumer to establish.  For example, in Regents of the University of California v. Superior Court, 220 Cal. App.4th 549 (2013), a UCLA physician’s laptop containing thousands of patients’ electronic charts was stolen.  Because the patients couldn’t allege that the data was illegally “disclosed” after it was stolen, the case was kicked out. Left uncertain after the UCLA case was whether proof of disclosure was enough for a lawsuit to go forward. While the California Supreme Court has yet to rule on the issue, another Court of Appeal case holds that even disclosure alone isn’t sufficient: a plaintiff must prove that the “stolen medical information was actually viewed by an unauthorized person.” Sutter Health v The Superior Court of Sacramento County (Atkins), 227 Cal.App.4th 1546 (2014). The court held that mere possession of medical information or records by an unauthorized person was insufficient to establish a breach of confidentiality if the unauthorized person has not viewed the records.

All is not lost for consumers: There the California Supreme Court has yet to rule on these issue, and the California Supreme Court could well find that the legislative history imposed no such restrictions on recovery.  Further, as outlined below, federal lawsuits have eased requirements for similar lawsuits.

  1. Federal Class Actions

Recently, there have been pro-consumer decisions rendered by multiple federal Courts of Appeal in consumer class actions.

For example, in September, 2016, the United States Court of Appeals held in Galaria v. Nationwide Mutual Insurance Co. __F.3d. __ (6th Cir. 2016) that where a data breach targets personal information, a reasonable inference can be drawn that the hackers will use the victims’ data for the fraudulent purposes alleged in Plaintiffs’ complaints. The court reasoned that where Plaintiffs already know that they have lost control of their data, it would be unreasonable to expect Plaintiffs to wait for actual misuse—a fraudulent charge on a credit card, for example—before taking steps to ensure their own personal and financial security….Where the Plaintiffs allege they and  other putative class members must expend time and money to monitor their credit, check their bank statements, and modify their financial accounts, these costs are a concrete injury suffered to mitigate an imminent harm, and satisfy the injury requirement.

Similarly, the court in Remijas v. Neiman Marcus Group, LLC, 794 F.3d 688 (7th Cir. 2016) reasoned: “[w]hy else would hackers break into a store’s database and steal consumers’ private information? Presumably, the purpose of the hack is, sooner or later, to make a fraudulent charge or assume those consumers’ identities.”  This is consistent with the Court of Appeal’s rationale in Lewert v. P.F. Chang’s China Bistro, Inc., 819 F.3d 963 (7th Cir. 2016), where restaurant customers’ credit-card data was stolen in a data breach, because a “primary incentive” for a breach is to commit fraud.

Closer to home, the Ninth Circuit (which includes California) similarly found standing in Krottner v. Starbucks Corp., 628 F.3d 1139 (9th Cir. 2010), where employees brought suit after a thief stole a company laptop containing their personal information.

Not all federal Court of Appeals decisions are in favor of consumers on this point.  The Third Circuit reached a different conclusion in Reilly v. Ceridian Corp., 664 F.3d 38 (3d Cir. 2011). In Reilly, a hacker broke into a payroll processor’s network, but it was not clear “whether the hacker read, copied, or understood” the personal data stored on the system.  The plaintiffs whose data was in the system alleged an increased risk of identity theft, but the court concluded that the injuries were too speculative because there would be an injury only, “if the hacker read, copied, and understood the hacked information, and if the hacker attempts to use the information, and if he does so successfully.”  The Third Circuit also distinguished the case from data-breach cases where courts found standing: “Here, there is no evidence that the intrusion was intentional or malicious.”

The pro-consumer decisions in the federal courts may conceivably open the way for similar findings in class actions under the California statute, and the California statute provides for penalties of $1000 per person in addition to actual damages (such as costs associated with changing bank accounts, freezing credit etc.), and the defendant would have to pay all attorney’s fees.

Stay tuned as the state and federal courts scramble to keep up with the raging technological advances that allow cyber-thieves to remotely and repeatedly steal your most cherished private information with the click of a mouse.

If you or someone you know has had their personal medical information or other personal data stolen by a cyber attack in California, please contact us using the button at the bottom of this page, or call 619-238-8700.


heading_departmentEight California hospitals were fined a total of $483,650 for serious issues in patient care, according to a report released Thursday.  The fines, levied by the California Department of Public Health, came after the Department’s investigations discovered non-compliance with licensing requirements which “caused, or was likely to cause, serious injury or death  to patients.” The fines ranged from $47,025 to $86,625 per hospital.

Administrative penalties are issued to hospitals under authority granted by California Health and Safety Code Section 1280.1. Newly adopted regulations allow the Department to assess an administrative penalty for incidents occurring on or after April 1, 2014, against a specified licensee for a deficiency constituting an “immediate jeopardy” violation up to a maximum of $75,000 for the first administrative penalty, up to $100,000 for the second, and up to $125,000 for the third and every subsequent violation within three years.

San Diego’s Vibra Hospital was among those fined.  Vibra was fined $47,025 in connection with a patient’s brain damage and death in 2014, attributed to staff ignoring signs and alarms that should have alerted them that a breathing ventilator had become disconnected, as reported by the San Diego Union Tribune.  A full report of the incident can be found on the Department of Public Health’s website.  The fine was noted as the hospital’s first “immediate jeopardy” administrative penalty since the program began. Vibra was also required to submit a “plan of correction” to California’s health regulators.

Licensing requirements exist to protect us from the increasingly consolidated, powerful, and for-profit medical industry.  As patient-advocates, and members of the community, we applaud these recent regulatory measures by the Department of Public Health.  At the same time, we question whether a $47,025 penalty for a preventable injury that ended a patient’s life sends a strong enough message of the value we place on patient safety.  Ultimately, it is not the amount of a single fine that will keep us safe. Safe care is brought about by long-term attention and support from consumers — and voters — for vigilant oversight of the medical industry.


In the spirit of thankfulness and as we approach the full gale of the holiday season, here are some true heroes to keep in mind: family caregivers. Some astounding figures according to AARP (American Association of Retired Persons):

  • 39.8 million Americans – 16.6 % of the population – are giving unpaid care to an adult.
  • If provided by paid workers, this care would cost $470 billion annually.
  • 18% of caregivers take care of two or more adults.
  • 13% of caregivers are assisting a friend or neighbor.
  • 2 million Americans care for their own adult children.
  • 40% of caregivers are men.
  • 7% of caregivers live more than two hours away from the person they help.

Just published for National Family Caregivers Month, November, 2015, here are some tips for respite:  “Respite” is relief or rest for the caregiver.  Giving a gift of respite to those who care for others is a wonderful way to show them they are appreciated and not forgotten.

Happy and Restful Holidays


With the coming of Breast Cancer Awareness Month in October, it’s a good time to talk about charity scams.   Our firm handles fraud actions in the healthcare context, and scams burn us up.    Do some research — know your donation dollars are going to actually support breast cancer research and programs.   As one site put it, “Think Before You Pink.”   This includes not just donating, but purchasing products which purport to give to breast cancer research.

Look for well-established charities, ones that are transparent about how funds are spent, and especially those that will disclose financial records.

My family recently decided to donate an older family car to the fight against breast cancer.  We found a site coming up first on internet searches.  A call to the site number had a representative saying suspicious things.  We did more research.  Good thing.  On further research, the charity appeared convoluted, difficult to track, and was criticized for not being reliable for charitable giving.  For example, it appeared that the charity took in $5.7M in revenues in 2013, but their expenses claimed were $5.65M.  The Form 990 on file with the IRS showed that very little money actually went to a true charitable purpose.   Do we know whether it was a trustworthy charity?  No, there was not enough out there to assure us, and plenty to raise red flags.   In the end, the car went not to them, but to a different charity with solid figures and accountability.

If you think the warm, fuzzy charity that is tugging at your heartstrings is worth your $$, make sure it can support its claims.   Try this link set up by the California Department of Justice:  Put the name of the charity to which you’d like to donate in their Charity Research Tool.   Be cautious if your charity does not appear, and do further research.   You also may want to take a look at this scary recent news clip:  Bottom line:   Sadly, charity scammers are out there, and you’ve got to be vigilant so you don’t get “pinked in a wink.”


In what industry, other than health care, are consumers expected to make life-altering decisions about who to hire (for the most important job — their health) without the slightest idea what their services will cost?

CR-Health-II-California-Project-Logos-09-15A new website clears some of the fog surrounding health care value in California.  A tool on the site allows consumers to compare California hospitals and health care providers on both cost and quality. But health insurers may be making a play to render it useless.

The $3.9 million web tool was created through a partnership between the California Department of Insurance, UC San Francisco, Consumers Union (the publisher of Consumer Reports) and others.  It allows comparison of quality scores of health care providers with the amount they charge for their services.

Visit the website by clicking the pic above, or going to

This information, particularly the quality scores, is sorely needed by California consumers and is an excellent step forward.  Where the project falls flat for many consumers, however, is that it does not allow consumers to compare the net cost charged to them between different health insurance plans.  Due in part to the Affordable Care Act, a lot of us are insured, and that number is growing. According to the LA Times, health insurance companies have worked to block the inclusion of their rates in a comparable tool.  Instead, we are left with statewide averages, which can mask wide variations between insurance plans.

So, for many of us, the comparison is incomplete.  We can discover the rated quality of a provider, and the average price of the service… but not actual cost to ourselves or our insurer, or what it would be under a different plan. (Our insurer’s cost becomes very important in liability claims, because they demand their portion back!).  Detailed cost estimates from insurers can be found by clicking a button on the new website.  But only health plan members with an active policy can access that information — ensuring that no cost comparison can be made before buying a policy.

We applaud the new “CA Health Care Compare” website as an important first step in health care value transparency.  And we urge the Department of Insurance, Consumers Union and California consumers to keep the heat on insurers to pull back their curtain on pricing, so that the site might reach its full potential.



Jan is not only knowledgeable and professional, but she has a true heart for helping people. Practicing law is her ‘purpose and passion’ and she displays this through her compassion and caring, [and] her fire and tenacity. Jan fights for her clients and she does not back down. She is honest and direct.

Client P

I cannot say enough about the professionalism and knowledge Jan has shown. She is on it! People like her are so rare to come by. I would give her 10 stars if I could! I will recommend her to any friend or family member I know.

Client CH

A skilled team who understands people as well as law.

Client EK

They give their everything and more. Super Smart, Super Diligent, Compassionate, Warm and Caring, Upfront and Honest.

Client MM

Jan was nothing short of amazing in her verbal dominance of the other side in depositions and trial arguments. Let’s say I am very glad she was on my side of the table. At the conclusion of my case the judge looked at me and said, hope you appreciate the Herculean effort that your lawyers gave in this case. Believe me I did! That’s just how they roll.

Client A.V.