fbpx

CareSouth Carolina Exposure of Patient Information Class Action

Health care companies and facilities are a frequent target of cyberattacks. The complaint for this class action brings suit against CareSouth Carolina, Inc., alleging that it failed to protect the personally identifiable information (PII) and protected health information (PHI) of its patients, resulting in a data breach in late 2020.

The class for this action is all patients of CareSouth whose personal and medical information was compromised as a result of the data breach which occurred in December 2020.

CareSouth has personal and patient information stored by NetGain Technology, Inc. This information, the complaint alleges, includes names, dates of birth, Social Security numbers, driver’s license or state ID numbers, passport numbers, credit or debit card information, financial account information and health insurance information.

On December 3, 2020, the complaint alleges that a cyberattack was launched against some NetGain servers that contained CareSouth information files. The complaint claims that “the cybercriminals conducting the Data Breach were able to obtain personal and medical information which was unencrypted and unprotected by [CareSouth].”

Unfortunately, CareSouth did not send the victims a notice of the data breach until around May 17, 2021, around five months after cybercriminals gained access to their information.

Some of the information accessed by the cybercriminals belonged to the plaintiff in this case, Summer Mixon. The complaint alleges that “due to SouthCare’s negligence, nefarious actors attempted to open accounts in [Mixon’s] name and thus damage[ed] her reputation and credit worthiness…” The complaint then displays a screenshot of two dark web alerts of her compromised email address, and two credit alerts, including an address change and the opening of a new account.

The complaint claims that NetGain paid “a significant amount to the attacker in exchange for promises that the attacker will delete all copies of the data and that it will not publish, sell, or otherwise share the data.” The payment and promises do not appear to have helped Mixon’s situation in any way.

CareSouth has offered Mixon and other victims only twelve months of identity theft protection services.

The complaint alleges that CareSouth “failed to properly safeguard” the information that patients entrusted to it.

Patients’ health information is protected by the Health Insurance Portability and Accountability Act (HIPAA), which sets national standards, the complaint says, “for protecting health information that is kept or transferred in electronic form.”

The Federal Trade Commission (FTC) also has found, the complaint says, that “a company’s failure to maintain reasonable and appropriate data security for consumers’ sensitive personal information is an ‘unfair practice’ in violation of the FTC Act.”

Article Type: Lawsuit
Topic: Privacy

Most Recent Case Event

CareSouth Carolina Exposure of Patient Information Complaint

January 28, 2022

Health care companies and facilities are a frequent target of cyberattacks. The complaint for this class action brings suit against CareSouth Carolina, Inc., alleging that it failed to protect the personally identifiable information (PII) and protected health information (PHI) of its patients, resulting in a data breach in late 2020.

CareSouth Carolina Exposure of Patient Information Complaint

Case Event History

CareSouth Carolina Exposure of Patient Information Complaint

January 28, 2022

Health care companies and facilities are a frequent target of cyberattacks. The complaint for this class action brings suit against CareSouth Carolina, Inc., alleging that it failed to protect the personally identifiable information (PII) and protected health information (PHI) of its patients, resulting in a data breach in late 2020.

CareSouth Carolina Exposure of Patient Information Complaint
Tags: Exposing Private Information, Exposure to cyber crime, Your Privacy