In or around October 2021, cybercriminals managed to get into the systems of Medscan Laboratory, Inc., which does business as Adaptive Health Integrations (AHI). The complaint for this class action alleges that AHI did not take reasonable care to safeguard and protect the personally identifiable information (PII) of its patients.
The Nationwide Class for this action is all persons living in the US whose private information was compromised in the data breach found to have occurred in or about October 2021 and who were sent notices of the data breach. A North Dakota Subclass has also been defined for those in the above class who live in North Dakota.
AHI offers billing and software services for medical providers, such as laboratories, doctor’s offices, and healthcare companies. The complaint alleges that, although the data breach took place on or around October 17, 2021, AHI first became aware of unauthorized activity on its network only in February 2022, and only notified the victims in or around April 2022.
According to the complaint, the notification was “woefully deficient[.]” It “did not explain what type of attack had occurred, what type of information had been affected, or any of the other circumstances surrounding the data breach” or what caused the delay in sending out the notification.
AHI is located in North Dakota, and the complaint alleges that the late notification violates that state’s laws.
The plaintiff in this case, Bradley Henke, has already suffered bad effects of the data breach, the complaint alleges: “Approximately two weeks before [Henke received] the notification letter from AHI about the Data Breach, an unauthorized actor charged Mr. Henke’s debit card two times for over $700 worth of merchandise fraudulently purchased from a vendor in New York State that he did not recognize.” The complaint alleges Henke has spent five hours dealing with these fraudulent uses of his debit card.
The complaint alleges that by collecting, using, and getting a benefit from its patients’ private information, AHI assumed legal and equitable duties to protect that information. In addition to responsibility for the PII it stored, the complaint claims, it had responsibilities to keep patient information private under the Health Insurance Portability and Accountability Act (HIPAA).
AHI’s “failure to provide adequate security measures to safeguard patients’ Private Information is especially egregious because [AHI] operates in a field which has recently been a frequent target of scammer attempting to fraudulently gain access to customers’ highly confidential Private Information.” The complaint alleges that the FBI has warned healthcare companies that hackers have been targeting businesses in their field.
The complaint lists precautions that businesses should take to protect the information they store. AHI did not comply with the Federal Trade Commission’s (FTC’s) guidelines or healthcare industry standards, the complaint alleges.
Article Type: LawsuitTopic: Privacy
Most Recent Case Event
Adaptive Health Integrations Failure to Protect Patient Information Complaint
April 25, 2022
In or around October 2021, cybercriminals managed to get into the systems of Medscan Laboratory, Inc., which does business as Adaptive Health Integrations (AHI). The complaint for this class action alleges that AHI did not take reasonable care to safeguard and protect the personally identifiable information (PII) of its patients.
Adaptive Health Integrations Failure to Protect Patient Information ComplaintCase Event History
Adaptive Health Integrations Failure to Protect Patient Information Complaint
April 25, 2022
In or around October 2021, cybercriminals managed to get into the systems of Medscan Laboratory, Inc., which does business as Adaptive Health Integrations (AHI). The complaint for this class action alleges that AHI did not take reasonable care to safeguard and protect the personally identifiable information (PII) of its patients.
Adaptive Health Integrations Failure to Protect Patient Information Complaint