A lawsuit has been filed and is seeking class action status against the hospital system regarding a security lapse that might have exposed the private information of more than 260,000 patients. An Advanced Receivables Strategy (ARS) employee mistakenly left several compact discs containing information including names and Social Security numbers in a computer bag being returned to a store. The hospital system did not notify patients of the lost information until October. The lawsuit claims The Sisters of St. Francis Health Services Inc. and its contractor violated federal HIPAA privacy laws and failed to take reasonable corrective action, such as promptly notifying patients of the breach. The lawsuit was filed in US District Court in Indianapolis and also named Greater Lafayette Health Systems Inc., ARS parent Perot Systems Corp., and an individual ARS employee as defendants.