Capsule Corporation is an online pharmacy that takes orders through its mobile app and offers same-day delivery. Unfortunately, it experienced a data breach in April 2022 that the complaint for this class action claims stemmed, among other things, from its “intentionally, willfully, recklessly, or negligently” failing to take adequate measures to protect the personally identifiable information (PII) and protected health information (PHI) of its customers.
The National Class for this action is all individuals and entities living in the US whose PII and PHI were compromised by the data breach first announced by Capsule in May 2022. A California Subclass has been proposed for those in the above class living in California.
The complaint quotes Capsule’s Privacy Policy as stating, “Capsule is committed to safeguarding the privacy and security of the information that you provide to us or that others provide to us on your behalf.” Its FAQ, referring to the requirements of the Health Insurance Portability and Accountability Act (HIPAA), also promises, “Your information is always secure with us. We store all of your personal data in an encrypted, HIPAA-compliant environment.”
Capsule’s Notice of Security Incident says that hackers gained access to Capsule accounts on April 5, 2022, and that Capsule began an investigation of the attack on the same day, with the help of a third-party forensic company.
The complaint alleges that the Notice does not provide enough information: “it provides scant detail about the nature, severity, or duration of the attack. Even worse, [Capsule] did not cause a Notice of Security Incident to be posted on its website or for the Notice(s) to be disseminated until over six weeks after [Capsule] first became cognizant of the Data Breach…”
The complaint states, “Simply, [Capsule] could have prevented this Data Breach.”
Capsule did not put in place adequate security measures to protect its customers’ information, the complaint alleges. “On information and belief,” it claims, “the PII and PHI compromised in the files accessed by hackers was not encrypted.”
Health care-related companies have become prime targets for cybercriminals, the complaint alleges, yet Capsule “provided unreasonably deficient protections prior to the Breach, including, but not limited to a lack of security measures for storing and handling patients’ PII and PHI and inadequate employee training regarding how to access, handle and safeguard information.”
The complaint also accuses Capsule of failing to follow Federal Trade Commission (FTC) guidelines for reasonable data security practices and failing to adhere to industry standards for data security for health care companies.
Article Type: LawsuitTopic: Privacy
Most Recent Case Event
Capsule Exposure of Customer PII and PHI Complaint
June 27, 2022
Capsule Corporation is an online pharmacy that takes orders through its mobile app and offers same-day delivery. Unfortunately, it experienced a data breach in April 2022 that the complaint for this class action claims stemmed, among other things, from its “intentionally, willfully, recklessly, or negligently” failing to take adequate measures to protect the personally identifiable information (PII) and protected health information (PHI) of its customers.
Capsule Exposure of Customer PII and PHI ComplaintCase Event History
Capsule Exposure of Customer PII and PHI Complaint
June 27, 2022
Capsule Corporation is an online pharmacy that takes orders through its mobile app and offers same-day delivery. Unfortunately, it experienced a data breach in April 2022 that the complaint for this class action claims stemmed, among other things, from its “intentionally, willfully, recklessly, or negligently” failing to take adequate measures to protect the personally identifiable information (PII) and protected health information (PHI) of its customers.
Capsule Exposure of Customer PII and PHI Complaint