Healthcare providers have become a prime target for hackers and those looking to commit identity theft. This class action concerns a data breach at Keystone Health. The complaint alleges that the company failed to take adequate measures to protect the personally identifiable information (PII) and protected health information (PHI) it kept in its systems.
Two classes and two subclasses have been defined for this action:
- The Nationwide Class is all individual in the US whose PII or PHI was compromised in the Keystone data breach that occurred starting in July 2022.
- The Nationwide Minor Class is all individuals who were minors as of the date of this filing in the US whose PII or PHI was compromised in the Keystone data breach that occurred starting in July 2022.
- The Pennsylvania Subclass and Pennsylvania Minor Subclass are for those in the above classes, respectively, who are in Pennsylvania.
The complaint alleges, “Keystone knowingly obtains patient PII and PHI and has a resulting duty to securely maintain such information in confidence.”
The complaint quotes Keystone’s Notice of Privacy as saying that it is “required by law to maintain the privacy and security of your protected health information” and that “We will let you know promptly if a breach occurs that may have compromised the privacy and security of your information.”
According to the complaint, the data breach began on July 28, 2022 and continued until August 19, 2022. However, it claims that Keystone did not start sending out notices about the data breach until October 14, 2022.
The complaint claims that the PII and PHI exposed in the data breach included names, Social Security numbers, dates of birth, and medical information such as diagnosis, medications, providers, and types of treatments, affecting more than 235,000 people.
Data breaches have been on the rise, the complaint alleges, with “a record 847,376 complaints of cyber-crime reported to the FBI [in 2021], a seven percent increase over 2020. In addition, forty-seven percent of Americans experience financial identity theft in 2020.”
The complaint quotes Experian as saying, “ID theft victims often have to spend money to fix problems related to having their data stolen, which averages $600 according to the FTC. But security research firm Poneman Institute found that healthcare identity theft victims spend nearly $13,500 dealing with their hassles, which can include the cost of paying off fraudulent medical bills.”
“Despite the abundance and availability of information regarding cybersecurity best practices for the healthcare industry and the prevalence of health care data breaches,” the complaint alleges, Keystone “inexplicably failed to adopt sufficient data security processes.”
Article Type: LawsuitTopic: Privacy
Most Recent Case Event
Keystone Health Data Breach Complaint
November 17, 2022
Healthcare providers have become a prime target for hackers and those looking to commit identity theft. This class action concerns a data breach at Keystone Health. The complaint alleges that the company failed to take adequate measures to protect the personally identifiable information (PII) and protected health information (PHI) it kept in its systems.
Keystone Health Data Breach ComplaintCase Event History
Keystone Health Data Breach Complaint
November 17, 2022
Healthcare providers have become a prime target for hackers and those looking to commit identity theft. This class action concerns a data breach at Keystone Health. The complaint alleges that the company failed to take adequate measures to protect the personally identifiable information (PII) and protected health information (PHI) it kept in its systems.
Keystone Health Data Breach Complaint