The complaint for this class action describes Community Surgical Supply, Inc. (CSS) as “a clinically-focused home care equipment and service provider that works with medical professionals to provide medical care solutions in the home.” But the complaint also claims that CSS did not take adequate measures to safeguard the personally identifiable information (PII) that it stores and therefore bears responsibility for a recent data breach.
The class for this action is all persons living in the US whose PII was compromised in the data breach.
The complaint quotes CSS’s notice of the data breach as saying that it “experienced a data security incident” the data breach began on October 15, 2021 when an unauthorized party gained access to CSS’s systems. The complaint alleges that the data breach continued until December 20, 2021 and that “CSS purportedly did not determine what information was accessed until February 4, 2022.”
Even then, the complaint alleges that notices were not sent out until around a July 29, 2022.
The information accessed, the complaint alleges, included names, Social Security numbers, addresses, dates of birth, and passport, driver’s license, and other governmental identification numbers. “Upon information and belief,” the complaint claims, “the PII was not encrypted or was not adequately encrypted prior to the data breach.”
The complaint faults CSS for “multiple acts of negligence,” including failing to have “reasonable data security systems and safeguards; and/or failure to exercise reasonable care in the hiring, supervision, training, and monitoring of its employees and agents and vendors; and/or failure to comply with industry-standard data security practices; and/or failure to comply with federal and state laws and regulations” among other things. It claims that CSS also did not destroy PII that was no longer necessary to its business.
According to the complaint, CSS should have been warned about the likelihood of a data breach by the many high-profile data breaches that have occurred in recent years, including at Microsoft, Wattpad, Facebook, Estee Lauder, and many other sizable companies. “Indeed,” the complaint alleges, “cyberattacks against the healthcare industry have been common for over ten years with the FBI warning as early as 2011 that cybercriminals were ‘advancing their abilities to attack a system remotely’…”
Still, the complaint alleges, CSS did not comply with Federal Trade Commission standards or industry standards for data security.
The complaint claims, “While CSS admits that enhanced ‘technical security measures’ were required to improve its data security systems, there is no indication based solely on the Notice Letter whether these steps are fully adequate to protect” PII in the future, “as the source and root cause of the data breach were not disclosed and remain unknown and undiscoverable…”
Article Type: LawsuitTopic: Privacy
Most Recent Case Event
Community Surgical Supply Data Breach Complaint
August 15, 2022
The complaint for this class action describes Community Surgical Supply, Inc. (CSS) as “a clinically-focused home care equipment and service provider that works with medical professionals to provide medical care solutions in the home.” But the complaint also claims that CSS did not take adequate measures to safeguard the personally identifiable information (PII) that it stores and therefore bears responsibility for a recent data breach.
Community Surgical Supply Data Breach ComplaintCase Event History
Community Surgical Supply Data Breach Complaint
August 15, 2022
The complaint for this class action describes Community Surgical Supply, Inc. (CSS) as “a clinically-focused home care equipment and service provider that works with medical professionals to provide medical care solutions in the home.” But the complaint also claims that CSS did not take adequate measures to safeguard the personally identifiable information (PII) that it stores and therefore bears responsibility for a recent data breach.
Community Surgical Supply Data Breach Complaint