Healthcare companies have become prime targets for data breaches because of the extensive and valuable information they keep on file. The complaint for this class action alleges that ARcare, a healthcare network that serves Arkansas, Kentucky, and Mississippi, did not take adequate measures to prevent a 2022 data breach that disrupted its services and compromised personally identifiable information (PII) and protected health information (PHI).
The Nationwide Class for this action is all US residents whose PII and PHI were actually or potentially accessed or acquired during the data beach that is the subject of the Notice of Data Breach published by ARcare on or around April 22, 2022.
The data breach was discovered on February 24, 2022, the complaint alleges, causing a temporary disruption to ARcare services. According to the Notice, “ARcare immediately worked to secure its systems and quickly commenced an investigation to confirm the nature and scope of the incident.”
The investigation reported, on March 14, 2022, that an unauthorized person had intruded into the systems and had access to the information contained therein between January 18 and February 24, 2022. The investigation ended on April 4, 2022, reporting that the information compromised included dates of birth, Social Security numbers, driver’s license or state ID numbers, financial account information, medical diagnosis and treatment information, prescriptions, and health insurance information.
The complaint alleges that the information was unencrypted.
The complaint says, “By obtaining, collecting, using, and deriving a benefit from the PII and PHI … [ARcare] assumed legal and equitable duties to those individuals to protect and safeguard that information from unauthorized access and intrusion.”
Instead, the complaint claims, ARcare failed in its duties “by intentionally, willfully, recklessly, and/or negligently failing” to implement sufficient measures to safeguard the information, failing to prevent the disclosure of the data, and failing to encrypt the data.
The complaint quotes the FBI as saying, “Prevention is the most effective defense against ransomware and it is critical to take precautions for protection.” The complaint then lists a number of measures recommended by the US Government.
After that, it provides another list of measures recommended by the US Cybersecurity & Infrastructure Security Agency.
The complaint alleges that ARcare could have prevented the data breach by properly securing and encrypting the information, and/or by destroying the data of persons with whom it had had no relationship for an extended length of time. According to the complaint, ARcare would have had “repeated warnings and alerts” that it was a likely target for cybercriminals.
Article Type: LawsuitTopic: Privacy
Most Recent Case Event
ARcare Data Breach Complaint
June 17, 2022
Healthcare companies have become prime targets for data breaches because of the extensive and valuable information they keep on file. The complaint for this class action alleges that ARcare, a healthcare network that serves Arkansas, Kentucky, and Mississippi, did not take adequate measures to prevent a 2022 data breach that disrupted its services and compromised personally identifiable information (PII) and protected health information (PHI).
ARcare Data Breach ComplaintCase Event History
ARcare Data Breach Complaint
June 17, 2022
Healthcare companies have become prime targets for data breaches because of the extensive and valuable information they keep on file. The complaint for this class action alleges that ARcare, a healthcare network that serves Arkansas, Kentucky, and Mississippi, did not take adequate measures to prevent a 2022 data breach that disrupted its services and compromised personally identifiable information (PII) and protected health information (PHI).
ARcare Data Breach Complaint