Keystone Rural Health Center, which does business as Keystone Health, suffered a data breach in the summer of 2022. The complaint for this class action alleges that this incident “was a direct result of [Keystone’s] failure to implement adequate and reasonable cyber-security procedures and protocols necessary to protect individuals’ Private Information with which it was entrusted…”
The class for this action is all persons whose Private Information was compromised as a result of the data breach discovered by Keystone in August 2022 and which it provided notice of in or around October 2022.
The data security incident occurred between July 28 and August 19, 2022, the complaint alleges, exposing both the personally identifiable information (PII) and the protected health information (PHI) of more than 235,000 people.
One of the plaintiffs in this case, John Hagle, received a Notice of Data Breach letter from Keystone. The complaint alleges that it did not provide a detailed account of what data of his had been stolen but said merely, “The files contained your name, Social Security number, and records regarding your care with Keystone Health.”
The complaint claims that Hagle was “especially alarmed by the vagueness of his stolen extremely private medical information (PHI) and equally by the fact that his Social Security number was identified as among the breached data…” He has already found a fraudulent charge of $59 on his bank account.
Both he and the other plaintiff, Randy Jansen, have been receiving many spam emails and texts which they did not receive before this.
The complaint alleges that Keystone maintained the information “in a reckless manner” and “disregarded the rights of” the people whose information it stored by “intentionally, willfully, recklessly, or negligently failing to take adequate and reasonable measures to ensure its data systems were protected against unauthorized intrusions” among other things.
It also claims that Keystone did not monitor its systems well enough, or it would have discovered the data breach sooner instead of allowing the hackers free access for almost a month.
In its Notice of Data Breach, the complaint argues, Keystone claims to “committed to protected the privacy and security of our patients’ information” yet also claims to be “implementing new network security measures and providing additional training to our employees.”
According to the complaint, the data breach was a foreseeable risk for a healthcare entity. It alleges that Keystone did not comply with Federal Trade Commission (FTC) guidelines for security for private businesses or with industry standards for healthcare providers.
Article Type: LawsuitTopic: Privacy
Most Recent Case Event
Keystone Rural Health Center Data Breach Complaint
December 5, 2022
Keystone Rural Health Center, which does business as Keystone Health, suffered a data breach in the summer of 2022. The complaint for this class action alleges that this incident “was a direct result of [Keystone’s] failure to implement adequate and reasonable cyber-security procedures and protocols necessary to protect individuals’ Private Information with which it was entrusted…”
Keystone Rural Health Center Data Breach ComplaintCase Event History
Keystone Rural Health Center Data Breach Complaint
December 5, 2022
Keystone Rural Health Center, which does business as Keystone Health, suffered a data breach in the summer of 2022. The complaint for this class action alleges that this incident “was a direct result of [Keystone’s] failure to implement adequate and reasonable cyber-security procedures and protocols necessary to protect individuals’ Private Information with which it was entrusted…”
Keystone Rural Health Center Data Breach Complaint