Providers of medical services have become prime targets for data breaches. This time, the company is Lincare Holdings, Inc., which the complaint for this class action describes as “a home medical services provider, durable products renter, and mail order pharmacy…” The complaint alleges that Lincare failed to adequately protect the sensitive personal information (SPI) it stored in its systems.
The Nationwide Class for this action is all natural persons living in the US whose SPI was compromised in the data breach announced by Lincare on or around June 6, 2022. A Northh Carolina Subclass has also been defined, as all persons in the above class living in North Carolina.
Among the services Lincare provides, says the complaint, referring to the company website, are home oxygen therapy, sleep apnea therapy, nebulizer therapy, in-home INR testing, cardiac monitoring, wellness checks, durable medical equipment rental, and enteral therapy.
The complaint quotes Lincare’s security notice about the data breach as saying that on “September 26, 2021, Lincare identified unusual activity on certain systems within its network.” It also said, “The investigation confirmed that certain systems may have first been accessed on September 10, 2021. The authorized access was blocked by September 29, 2021.”
According to Lincare, the information accessed included “first and last names, addresses, Lincare account numbers, date of birth, medical information, which may include information concerning medical treatments individuals received such as provider name, dates of service, diagnosis/procedure, and/or account or record numbers, health insurance information, and/or prescription information” in addition to Social Security numbers for some customers.
Although the data breach occurred in September 2021, the complaint alleges that it took the company more than eight months to disclose it, on June 6, 2022. Therefore, the complaint claims, Lincare’s customers’ information was in possession of cybercriminals for eight months before the customers were told about it.
The complaint alleges that Lincare has been vague about what it has done about the data breach, although the company claims that it “enlisted cybersecurity experts to assist in the investigation and notified law enforcement of the incident” and is putting “additional technological safeguards on our systems that contain personal information…”
Even worse, the complaint claims that Lincare “is offering no additional assistance to Plaintiff and class members beyond vague offers of ‘complimentary credit monitoring and identity theft protection’ which are wholly inadequate to the nature of the breach…”
Among other things, the complaint alleges that Lincare used an outdated version of Transport Layer Security to transmit information.
Article Type: LawsuitTopic: Privacy
Most Recent Case Event
Lincare Holdings Medical Services Data Breach Complaint
July 14, 2022
Providers of medical services have become prime targets for data breaches. This time, the company is Lincare Holdings, Inc., which the complaint for this class action describes as “a home medical services provider, durable products renter, and mail order pharmacy…” The complaint alleges that Lincare failed to adequately protect the sensitive personal information (SPI) it stored in its systems.
Lincare Holdings Medical Services Data Breach ComplaintCase Event History
Lincare Holdings Medical Services Data Breach Complaint
July 14, 2022
Providers of medical services have become prime targets for data breaches. This time, the company is Lincare Holdings, Inc., which the complaint for this class action describes as “a home medical services provider, durable products renter, and mail order pharmacy…” The complaint alleges that Lincare failed to adequately protect the sensitive personal information (SPI) it stored in its systems.
Lincare Holdings Medical Services Data Breach Complaint