Lincare Holdings, Inc., says the complaint for this class action, is a leading provider of respiratory care at over a thousand US locations. With that kind of business, the company no doubt has personally identifiable information (PII) and protected health information (PHI) for a large number of people. However, the complaint alleges that Lincare did not take sufficient measures to protect this information, resulting in a data breach in September 2021.
The class for this action is all individuals living in California whose personal information was compromised, accessed, or viewed in the data breach revealed by Lincare in June 2022.
The data breach apparently occurred around September 10, 2021, the complaint alleges, but “[a]s a result of Lincare’s inadequate systems and its inability to safeguard patient data, Lincare was unaware of the breach for over two weeks.”
Lincare discovered the data breach on September 26, the complaint claims, “and allegedly began taking measures to stop it as of September 29, 2021. But through an internal investigation, Lincare was unable to determine the exact information cybercriminals stole and from which patients.”
Lincare only finally issued a Notice of Data Breach around June 28, 2022, the complaint alleges. According to that notice, the information exposed included account information, dates of birth, health insurance, medical information, insurance information, and/or Social Security numbers.
The complaint claims that this is not the first time Lincare has experienced a data breach. Information about Lincare employees was exposed in a data breach in February 2017, the complaint alleges, which led to a class action and eventual settlement.
The complaint alleges that “Lincare failed to adequately train its employees on reasonable cybersecurity protocols or implement reasonable security measures, causing it to lose control over patients’ PII and PHI.” The failure to even notice the data breach for more than two weeks, the complaint says, “demonstrates that Lincare did not have an adequate system in place to timely detect and prevent attempted data breaches.”
According to the complaint, Lincare did not comply with the requirements of the Health Insurance Portability and Accountability Act (HIPAA).
The Federal Trade Commission (FTC) also publishes security guidelines, including in its publication Protecting Personal Information: A Guide for Business, which it updated in 2016. The complaint alleges that Lincare also failed to comply with FTC guidelines. The complaint asserts, “Lincare’s failure to employ reasonable and appropriate measures to protect against unauthorized access to patient PHI constitutes an unfair act or practice prohibited by Section 5 of the [Federal Trade Commission Act]…”
Article Type: LawsuitTopic: Privacy
Most Recent Case Event
Lincare Holdings Second Data Breach Complaint
July 28, 2022
Lincare Holdings, Inc., says the complaint for this class action, is a leading provider of respiratory care at over a thousand US locations. With that kind of business, the company no doubt has personally identifiable information (PII) and protected health information (PHI) for a large number of people. However, the complaint alleges that Lincare did not take sufficient measures to protect this information, resulting in a data breach in September 2021.
Lincare Holdings Second Data Breach ComplaintCase Event History
Lincare Holdings Second Data Breach Complaint
July 28, 2022
Lincare Holdings, Inc., says the complaint for this class action, is a leading provider of respiratory care at over a thousand US locations. With that kind of business, the company no doubt has personally identifiable information (PII) and protected health information (PHI) for a large number of people. However, the complaint alleges that Lincare did not take sufficient measures to protect this information, resulting in a data breach in September 2021.
Lincare Holdings Second Data Breach Complaint