fbpx

Lincare Failure to Adequately Protect PII and PHI Class Action

This class action takes on a data breach at Lincare, a large supplier of oxygen and other breathing therapy services. It brings suit against Lincare Holdings, Inc., Lincare, Inc., and Lincare Pharmacy Services, Inc., alleging that they failed to protect the personally identifiable information (PII) and the protected health information (PHI) of around 500 persons, although the complaint alleges that the true number is unknown.

The class for this action is all persons in the US and its territories whose PII and PHI were compromised in the data breach.

The complaint alleges that the company did not take adequate and reasonable steps to protect the PII and PHI it held in its systems and that it presented “a soft target” to hackers.

The complaint claims that Lincare’s systems may have been breached as early as September 10, 2021 with the hack continuing until September 29, 2021. However, the complaint claims that Lincare first announced the data breach on June 6, 2022, many months later.

Although Lincare claims that the data accessed varies by patient, the complaint contends that it included names, dates of birth, Social Security numbers, information about medical treatments, diagnosis and procedure, and health and prescription information.

The complaint calls the theft “a staggering coup for the cyber criminals and a stunningly bad showing for” Lincare. It alleges, “It is apparent from [Lincare’s] notice letter that the PII and PHI contained within its network was not encrypted.”

According to the complaint, Lincare’s Notice of Privacy Practices promises to protect PII and PHI. The complaint alleges that Lincare’s “data security obligations were particularly important given the known substantial increase in data breaches in the healthcare industry, including the recent massive data breach involving LabCorp, Quest Diagnostics, and American Collections Agency.”

The complaint also claims that Lincare had had warnings from the Federal Bureau of Investigation (FBI): “In August 2014, after a cyberattack on Community Health Systems, Inc., the FBI warned companies within the healthcare industry that hackers were targeting them[,]”trying to get at both PII and PHI.

The complaint also quotes an American Medical Association warning to healthcare entities, that says in part, “AMA research has revealed that 83% of physicians work in a practice that has experienced some kind of cyberattack. Unfortunately, practices are learning that cyberattacks not only threaten the privacy and security of patients’ health and financial information, but also patient access to care.”

In addition, the complaint claims, the Department of Health and Human Services Office for Civil Rights “urges the use of encryption of data containing sensitive personal information” and has fined two healthcare companies because they did not encrypt laptops that held that kind of information.

Article Type: Lawsuit
Topic: Privacy

Most Recent Case Event

Lincare Failure to Adequately Protect PII and PHI Complaint

August 4, 2022

This class action takes on a data breach at Lincare, a large supplier of oxygen and other breathing therapy services. It brings suit against Lincare Holdings, Inc., Lincare, Inc., and Lincare Pharmacy Services, Inc., alleging that they failed to protect the personally identifiable information (PII) and the protected health information (PHI) of around 500 persons, although the complaint alleges that the true number is unknown.

Lincare Failure to Adequately Protect PII and PHI Complaint

Case Event History

Lincare Failure to Adequately Protect PII and PHI Complaint

August 4, 2022

This class action takes on a data breach at Lincare, a large supplier of oxygen and other breathing therapy services. It brings suit against Lincare Holdings, Inc., Lincare, Inc., and Lincare Pharmacy Services, Inc., alleging that they failed to protect the personally identifiable information (PII) and the protected health information (PHI) of around 500 persons, although the complaint alleges that the true number is unknown.

Lincare Failure to Adequately Protect PII and PHI Complaint
Tags: Exposing Private Information, Exposure to cyber crime, Your Privacy