fbpx

20/20 Eye Care Network Inadequate Data Security Class Action

20/20 Eye Care Network, Inc. and iCare Health Solutions, LLC are related companies that deal with hearing and vision insurance, including with respect to over-55 ophthalmology and optometry in Florida. The complaint for this class action alleges that the companies failed to protect patients’ personally identifiable information (PII) and protected health information (PHI) from a 2021 data breach.

The class for this action is all persons who live in the US whose PII and PHI were compromised in the data breach.

The complaint alleges, “On January 11, 2021, Eye Care was alerted to suspicious activity in its Amazon Web Services (‘AWS’) environment. Over a month later, it confirmed that as a result of ‘insider wrongdoing,’ S3 buckets hosted in AWS had been accessed, data in those buckets had been downloaded, and then all data in the S3 buckets was deleted…” (S3 buckets are apparently a means of storing information or objects.)

This data breach, the complaint alleges, may have involved the PII and PHI of as many as 3.2 individuals. Did Eye Care immediately alert the victims? No, the complaint says: “Eye Care did not begin notifying the individual victims of the Data Breach until May of 2021.” Their first notification of the data breach came in a letter dated May 28 of that year.

Eye Care bears responsibility for the data breach, the complaint charges, “through its failure to implement and maintain reasonable data security safeguards, failure to exercise reasonable care in the hiring and supervision of its employees and agents, and failure to comply with industry-standard data security practices as well as federal and state laws and regulations governing data security and privacy, including the security of PII and PHI.”

The complaint alleges that the companies should have detected the intrusion into its systems and recognized the large amounts of data that had been compromised. The complaint claims, “Had Defendants properly maintained and monitored their information technology infrastructure, they would have discovered the invasion sooner—and/or prevented it altogether.”

The injuries to the victims were increased by the failure to inform them properly, the complaint alleges.

The victims are now being offered one year of Single Bureau Credit Monitoring from TransUnion. However, the complaint points out that “this service only monitors fraudulent activity reported to TransUnion. Fraudulent activity reported to other reporting bureaus, such as
Equifax and Experian, will not be monitored.”

The complaint alleges, “The [Federal Trade Commission (FTC)] has, upon information and belief, brought enforcement actions against businesses for failing to protect customers’ PII. The FTC has done this by treating a failure to employ reasonable measures to protect against unauthorized access to PII as a violation of the FTC Act,” which is part of the US Code. The complaint alleges that the companies knew, or should have known, that they were “prime targets” for attacks.

Article Type: Lawsuit
Topic: Privacy

Most Recent Case Event

20/20 Eye Care Network Inadequate Data Security Complaint

June 22, 2021

20/20 Eye Care Network, Inc. and iCare Health Solutions, LLC are related companies that deal with hearing and vision insurance, including with respect to over-55 ophthalmology and optometry in Florida. The complaint for this class action alleges that the companies failed to protect patients’ personally identifiable information (PII) and protected health information (PHI) from a 2021 data breach.

20/20 Eye Care Network Inadequate Data Security Complaint

Case Event History

20/20 Eye Care Network Inadequate Data Security Complaint

June 22, 2021

20/20 Eye Care Network, Inc. and iCare Health Solutions, LLC are related companies that deal with hearing and vision insurance, including with respect to over-55 ophthalmology and optometry in Florida. The complaint for this class action alleges that the companies failed to protect patients’ personally identifiable information (PII) and protected health information (PHI) from a 2021 data breach.

20/20 Eye Care Network Inadequate Data Security Complaint
Tags: Exposing Private Information, Exposure to cyber crime, Your Privacy