Netgain Technology Data Breach Class Action

Netgain Technology, LLC offers information technology and cloud-computing services to health care and accounting entities. Because of the highly sensitive information it holds for such businesses, the complaint for this class action alleges, Netgain markets itself as a sophisticated company with “DoD-grade” security and “ultra-secure protection. But the class action alleges that Netgain in fact did not take adequate measures to protect the information it held, leading to a data breach or ransomware attack that occurred in September 2020.

The Nationwide Class for this action is all natural persons living in the US whose data was exposed in the data breach. A Minnesota Subclass has also been defined, for those in the above class living in Minnesota.

Netgain specializes in providing IT services to healthcare and financial services companies, and therefore maintains in its systems highly sensitive personally identifiable information (PII) and protected health information (PHI).

The company portrayed itself as an expert in cybersecurity, the complaint claims, saying that “Protecting your practice is crucial” and that “appropriate administrative and technical controls will mitigate your practice’s vulnerability[.]” The complaint claims it even offered its clients cybersecurity webinars and presentations, such as “Security Awareness Training” and “The Costs of Bad Security and How It Affects Your Organization.”

“Yet,” the complaint alleges, “while its customers reasonably believed their data was safe within Netgain’s confines, … Netgain’s guard was down and cyber criminals infiltrated its walls.”

The complaint alleges, “In the leadup to the Data Breach, Netgain was disorganized, had an incredibly high rate of employee turnover, and had extensive problems meeting deadlines and addressing client concerns. These organizational difficulties were a red flag that either did or should have put Netgain on notice that its systems were vulnerable to attack and that it had not adequately staffed or supported a secure environment.”

According to the complaint, Netgain suffered a ransomware attack that lasted from September to December 2020. Disclosures of the data breach began in January 2021, the complaint claims, and continued for more than a year and a half. Netgain claims to have paid a ransom to the cybercriminals, the complaint claims, in exchange for a promise that the they would not publish or sell the information and would delete all copies of it, but the company “has provided no public information on the ransom demand.”

The complaint alleges that Netgain had “inadequate security and failure to comply with federal and state privacy standards[.]” According to the complaint, the information exposed included names, account numbers, Social Security numbers, driver’s license numbers, and dates of birth, as well as healthcare-related information for some persons.

Article Type: Lawsuit
Topic: Privacy
Tags: Exposing Private Information, Exposure to cyber crime, Your Privacy