fbpx

BioPlus Specialty Pharmacy Exposure of Patient PII and PHI Class Action

BioPlus Specialty Pharmacy Services, LLC is a pharmacy that offers specialty pharmacy services for patients with complex chronic conditions, such as cancer, multiple sclerosis, and hepatitis C. As such, it collects and stores both personally identifiable information (PII) and protected health information (PHI) on customers. The complaint for this class action alleges that BioPlus “is responsible for allowing” a recent data breach that exposed the PII and PHI of some 350,000 current and former patients.

The class for this action is all persons who live in the US and whose PII and PHI was compromised by the BioPlus data breach.

Around November 11, 2021, BioPlus found suspicious activity in its network, and eventually discovered that an unauthorized party had been inside it since October 25, 2021. However, the complaint alleges that it did not begin sending out the Notice of Data Breach until around December 10 of that year.

The information exposed in the data breach included names, dates of birth, medical record numbers, health plan ID numbers, claims information, diagnoses, prescription information, and, in some cases, Social Security numbers.

According to the complaint, the Notice suggested that victims of the data breach take “several time-consuming steps … to try to mitigate the risk of future fraud and identity theft…” For those whose Social Security numbers were stolen, it offered a single year’s subscription to Experian credit monitoring and identity protection services, even though the complaint alleges that victims will be at risk of identity theft for years.

The complaint alleges, “BioPlus is responsible for allowing this Data Breach through its failure to implement and maintain reasonable data security safeguards, failure to exercise reasonable care in the hiring and supervision of its employees and agents, and failure to comply with industry-standard data security practices as well as federal and state laws and regulations governing data security and privacy, including security of PII and PHI.”

The Federal Trade Commission (FTC) has updated its publication on how businesses can protect PII, which tells businesses how to properly get rid of PII that is no longer needed, finding network vulnerabilities, correcting security problems, using programs to detect intrusions, monitoring data traffic, and formulating a response plan.

According to the complaint, “[t]he FTC has brought enforcement actions against businesses for failing to protect customers’ PII. The FTC has done this by treating a failure to employ reasonable measures to protect against unauthorized access to PII as a violation of the FTC Act” in the US Code.

The complaint alleges that BioPlus “knew or should have known that it was an ideal target for hackers and those with nefarious purposes related to sensitive personal and health data.”

Article Type: Lawsuit
Topic: Privacy

Most Recent Case Event

BioPlus Specialty Pharmacy Exposure of Patient PII and PHI Complaint

December 27, 2021

BioPlus Specialty Pharmacy Services, LLC is a pharmacy that offers specialty pharmacy services for patients with complex chronic conditions, such as cancer, multiple sclerosis, and hepatitis C. As such, it collects and stores both personally identifiable information (PII) and protected health information (PHI) on customers. The complaint for this class action alleges that BioPlus “is responsible for allowing” a recent data breach that exposed the PII and PHI of some 350,000 current and former patients.

BioPlus Specialty Pharmacy Exposure of Patient PII and PHI Complaint

Case Event History

BioPlus Specialty Pharmacy Exposure of Patient PII and PHI Complaint

December 27, 2021

BioPlus Specialty Pharmacy Services, LLC is a pharmacy that offers specialty pharmacy services for patients with complex chronic conditions, such as cancer, multiple sclerosis, and hepatitis C. As such, it collects and stores both personally identifiable information (PII) and protected health information (PHI) on customers. The complaint for this class action alleges that BioPlus “is responsible for allowing” a recent data breach that exposed the PII and PHI of some 350,000 current and former patients.

BioPlus Specialty Pharmacy Exposure of Patient PII and PHI Complaint
Tags: Exposing Private Information, Exposure to cyber crime, Your Privacy