Sahawneh Dental Corporation and Bright Now! Dental Upland are companies that provide patients with dental services. As such, they collect from patients, store, and use protected health information (PHI). The complaint alleges that the companies did not adequately protect the private information entrusted to them, resulting in a data breach, and that they did not inform those whose information was stolen for nearly six months.
The class for this action is all persons living in California to whom the companies sent a Notice of Data Breach about the “ransomware attack, which led to unauthorized access to certain systems containing protected health information,’ on or around October 22, 2021.
According to the complaint, in collecting and using private information, and in deriving a benefit from doing so, the companies took on the responsibility to keep that information safe and confidential.
The complaint quotes the companies’ data breach letter as saying that, on April 24, 2021, they “became aware of a ransomware attack, which led to unauthorized access to certain systems containing personal information.” As part of the intrusion into the systems, “certain data appears to have been acquired by an unauthorized party.”
The companies issued their Notice of Data Breach only on October 22, 2021. “Moreover,” the complaint alleges, the companies have not told the persons whose information was stolen “what the specific vulnerabilities and root causes of the breach are.”
The stolen information may have included names, dates of birth, health insurance information, and/or diagnosis information. The complaint alleges that the companies “were negligent for failing to encrypt or adequately encrypt Plaintiff’s and the Class[’s] electronic medical information contained in [the companies’] computer systems.” The unencrypted information can now be sold on the dark web, the complaint charges.
The complaint claims the companies “did not use reasonable security procedures and practices appropriate to the nature of the sensitive information they were maintaining…, such as encrypting the information or deleting it when it [was] no longer needed.”
The complaint lists a number of precautions it claims could have helped the companies prevent the data breach, from various sources, including an FBI publication on “How to Protect Your Networks from Ransomware,” recommendations from the US Cybersecurity & Infrastructure Security Agency, and advice from the Microsoft Threat Protection Intelligence Team.
According to the complaint, the companies knew or should have known that healthcare-related companies have become favorite targets for cybercriminals because of the kinds of information they store. The complaint alleges that “no other organization[s], including credit bureaus, have so much monetizable information stored in their data centers.”
Article Type: LawsuitTopic: Privacy
Most Recent Case Event
Sahawneh and Bright Now! Exposure of Patient Information Complaint
February 11, 2022
Sahawneh Dental Corporation and Bright Now! Dental Upland are companies that provide patients with dental services. As such, they collect from patients, store, and use protected health information (PHI). The complaint alleges that the companies did not adequately protect the private information entrusted to them, resulting in a data breach, and that they did not inform those whose information was stolen for nearly six months.
Sahawneh and Bright Now! Exposure of Patient Information ComplaintCase Event History
Sahawneh and Bright Now! Exposure of Patient Information Complaint
February 11, 2022
Sahawneh Dental Corporation and Bright Now! Dental Upland are companies that provide patients with dental services. As such, they collect from patients, store, and use protected health information (PHI). The complaint alleges that the companies did not adequately protect the private information entrusted to them, resulting in a data breach, and that they did not inform those whose information was stolen for nearly six months.
Sahawneh and Bright Now! Exposure of Patient Information Complaint