
This class action brings suit against the Center for Autism and Related Disorders, Inc., alleging that it failed to properly protect the personally identifiable information (PII), personal health information (PHI), and financial information of individuals who’d entrusted it with their information. It speaks of a “massive and preventable cyberattack announced by” the Center in October 2020, and claims the information “was being kept unprotected…”
A class and a subclass have been defined for this action:
- The Nationwide Class is all individuals in the US whose PII, PHI, or financial information was exposed to unauthorized persons as a result of the data breach announced by the Center in or around October 2020.
- The California Subclass is all individuals in California whose PII or PHI was stored by the Center and/or was exposed to unauthorized persons as a result of the data breach announced by the Center in or around October 2020.
The individuals whose information was stolen include both employees and patients of the Center. The complaint alleges that when the Center collected the PII and PHI, it took on certain duties to those who owned the information.
According to the complaint, the accessed information included items such as diagnosis, treatment, contact information, dates of birth, and insurance data. However, the complaint alleges that the victims “remain, even today, in the dark regarding what particular data was stolen, the particular malware used, and what steps are being taken, if any, to secure their PHI/PII and financial information going forward.”
The complaint contends that the Center had warnings that it was at risk in connection with the large number of cyberattacks on healthcare and other entities in recent years. For example, the complaint claims, in late September 2020, Universal Health Services suffered an attack that took its systems down for four weeks and “caused as much as $67 million in recovery costs and lost revenue.”
According to the complaint, the Federal Trade Commission (FTC) considers not properly safeguarding sensitive customer information to be an unfair or deceptive act or practice.
The complaint quotes the Data Breach and Encryption Handbook as saying, “In almost all cases, the data breaches that occurred could have been prevented by proper planning and the correct design and implementation of appropriate security solutions.”
The complaint says it “seeks to hold [the Center] responsible” because it did not make sure that the information it possessed was maintained according to industry standards, the Health Insurance Portability and Accountability Act of 1996 (HIPAA), or the California Confidentiality of Medical Information Act (CMIA).
Article Type: Lawsuit
Topic: Privacy
Most Recent Case Event
Center for Autism and Related Disorders Data Breach Complaint
January 31, 2022