Eye Care Leaders Compromise of Patient PII and PHI Class Action

Eye Care Leaders Holdings, LLC is a group of ophthalmology companies that the complaint for this class action claims has more than 9,000 eye care clinics across the US. Recently, the company suffered a data breach because, the complaint claims, it did not adequately protect the personally identifiable information (PII) or protected health information (PHI) of the patients of these practices. Even worse, the complaint alleges that Eye Care Leaders still has not notified the individual victims that their information has been compromised.

The Nationwide Class for this action is all individuals living in the US whose private information was compromised in the data breach affecting Eye Care Leaders, including all persons receiving notice of the data breach through Eye Care Leaders’ customers.

Referring to the company’s website, the complaint calls Eye Care Leaders “the No. 1 source for top-rated ophthalmology-specific HER and Practice Management systems[,]” assembling different eye care companies “with the common goal of continuing to offer and grow the best eye-care solutions available in the market” with “over 9,000 eye care clinics across the country.” Eye Care Leaders provides recordkeeping services for these eye care entities.

The data breach occurred when an unauthorized party got access to Eye Care Leaders’ systems on December 4, 2012, the complaint says, then stole data and “deleted databases and system configuration files[,]” which the complaint alleges involved the PII and PHI of more than two million eye care patients.

The complaint alleges that the unencrypted information stolen includes names, addresses, dates of birth, Social Security numbers, and diagnostic and health insurance information.

“Despite the Data Breach taking place in 2021,” the complaint claims, Eye Care Leaders “hid the Breach from its customers for months. In fact, [Eye Care Leaders] has still not notified breach victims that cybercriminals stole their information.” The individual victims appear to be beginning to get word of the data breach through the Eye Care Leaders’ customers, that is, the eye care clinics and other providers of care.

According to the complaint, Eye Care Leaders “willfully, recklessly, and/or negligently” did not take proper care of patients’ information, so that it is not likely for sale on the dark web. The complaint faults the company for “failing to take and implement adequate and reasonable measures to ensure that the PII and PHI” that it kept on file “was safeguarded, failing to take available steps to prevent an unauthorized disclosure of data, and failing to follow applicable, required, and appropriate protocols, policies and procedures regarding the encryption of data, even for internal use.”

Article Type: Lawsuit
Topic: Privacy
Tags: Exposing Private Information, Exposure to cyber crime, Your Privacy