Adaptive Health Integrations Data Breach Class Action

Business related to healthcare are favorite targets of cybercriminals because of the extensive and valuable information they maintain. Medscan Laboratory, Inc. does business under the name of Adaptive Health Integrations (AHI) to handle billing, revenue, and laboratory information for healthcare companies, and it too has been hacked. The complaint alleges that AHI had a responsibility to protect the sensitive personal information (SPI) it stores but did not take adequate measures to do so.

The Nationwide Class for this action is all natural persons living in the US whose SPI was compromised in the data breach AHI announced on or around April 21, 2022. An Illinois Subclass has also been defined for those in the above class who live in Illinois.

In April 2022, AHI announced that hackers had entered its systems months before, on October 17, 2021, and had taken the information of more than half a million people. The SPI included names, dates of birth, addresses, and Social Security numbers. “However,” the complaint alleges, “in public notifications of the data breach, AHI redacted the types of information involved, so the total information involved may be greater than what any one recipient of the breach received in their notice.”

Various remarks the complaint makes about AHI do not paint the picture of a careful or painstaking organization. For one thing, the complaint alleges that its “website is maintained on a WordPress blog and misspells its own d/b/a a ‘Adapative Health Integrations.’” It also claims, “Information regarding AHI’s business model, clients, and even contact information is extremely scant[,]” and says there appears to be no Privacy Policy.

AHI purportedly became aware of the data breach on October 17, 2021, but the complaint alleges that it took six months before it began notifying the individual victims that their data had been compromised.

The complaint also charges that AHI has been vague about its response to the data breach and about the steps it has taken to make sure that cybercriminals do not gain access again, and also that it “is offering no additional assistance to [those affected by the data breach] beyond the entirely inadequate monitoring suggestions that are a part of its notice.”

The Federal Trade Commission (FTC) has updated its publication Protecting Personal Information: A Guide for Business, which provides cybersecurity guidelines.

The complaint alleges that AHI failed to properly implement basic data security practices, and its failure to employ reasonable and appropriate measures to protect against unauthorized access to consumer SPI constitutes an unfair act or practice prohibited by” the Federal Trade Commission Act (FTCA). It also claims that AHI did not comply with even the basic standards for a number of cybersecurity frameworks.

Article Type: Lawsuit
Topic: Privacy
Tags: Exposing Private Information, Exposure to cyber crime, Your Privacy