fbpx

Inmediata Exposure of Private Information on Search Engines Class Action

In January 2019, Inmediata Health Group Corp. found that it was in the middle of a large exposure of the “unsecured protected health information and personal information” of a million and a half people. The complaint alleges, “This extremely sensitive data should have received the most rigorous protection available—it did not.” Instead, it was made accessible to anyone conducting searches on Internet search engines.

The Nationwide Class for this action is all persons in the US whose personal and medical information was compromised as a result of the data breach announced by Inmediata around April 24, 2019. California, Florida, and Minnesota Subclasses have also been defined, for people in those states.

The complaint charges about this data breach: “Inmediata posted on the Internet Plaintiffs’ and Class Members’ Personal and Medical Information.” How so? “Due to a webpage setting that permitted search engines to index webpages Inmediata uses for business operations, Plaintiffs’ and Class Members Personal and Medical Information was also searchable and findable by anyone with access to an internet search engine such as Google, Yahoo, Bing, etc.”

In other words, according to the complaint, “Inmediata failed to take basic, elementary, and necessary security precautions…” The complaint alleges, “It didn’t take a thief or a hacker to exploit Inmediata’s lax security, exfiltrate the information, and then post the information on a criminal underworld website; Inmediata skipped the intermediary and—on its own!—posted on the Internet Plaintiffs’ and Class Members’ Personal and Medical Information.”

The company announced the data breach on April 24, 2019. While it noted that Inmediata became aware of the accessibility of the information in January, it did not give any indication of when the exposure of information began. It waited until April 22, at least 81 days, until it informed the people whose information was affected—longer than the HIPAA Breach Notification Rule’s sixty-day deadline.

The information exposed may have included names, addresses, dates of birth, Social Security numbers, and medical claim information, including diagnosis codes, procedure codes, and treating physicians. Inmediata claims that no financial information was exposed, but the complaint alleges, “Plaintiffs do not accept this as an accurate statement.”

As of the date of filing of this complaint, the complaint says, Inmediata has not “offered or provided any fraud insurance or identity monitoring services to victims of the Data Breach whose Social Security Numbers were not, according to Inmediata, affected.

Inmediata offers software and services to health care providers, including data aggregating, outsourcing, billing, and accounts receivable.

Article Type: Lawsuit
Topic: Privacy

Most Recent Case Event

Inmediata Exposure of Private Information on Search Engines Complaint

May 19, 2020

In January 2019, Inmediata Health Group Corp. found that it was in the middle of a large exposure of the “unsecured protected health information and personal information” of a million and a half people. The complaint alleges, “This extremely sensitive data should have received the most rigorous protection available—it did not.” Instead, it was made accessible to anyone conducting searches on Internet search engines.

Inmediata Exposure of Private Information on Search Engines Complaint

Case Event History

Inmediata Exposure of Private Information on Search Engines Complaint

May 19, 2020

In January 2019, Inmediata Health Group Corp. found that it was in the middle of a large exposure of the “unsecured protected health information and personal information” of a million and a half people. The complaint alleges, “This extremely sensitive data should have received the most rigorous protection available—it did not.” Instead, it was made accessible to anyone conducting searches on Internet search engines.

Inmediata Exposure of Private Information on Search Engines Complaint
Tags: Exposing Private Information, Exposure to cyber crime, Your Privacy