fbpx

Sea Mar Community Health Centers Exposure of Patient Information Class Action

Providers of medical services have become highly desirable targets for cybercriminals looking to steal personally identifiable information (PII) and protected health information (PHI). This class action bring suit against Sea Mar Community Health Centers for failing to adequately protect its patients’ PII and PHI from a data breach in which cybercriminals accessed its systems from approximately December 2020 to March 2021.

The class for this action is all individuals living in the US whose personal information was compromised in the data breach revealed by Sea Mar in October 2021.

The complaint alleges, “Cybercriminals could pilfer patients’ PII and PHI because Sea Mar did not adequately maintain, protect, and secure the information, leaving it an unguarded target for theft and misuse. On information and belief, Sea Mar knew or had reason to know that patients’ PII and PHI was for sale online but never informed its patients of that fact.”

The cybercriminals who stole the data advertised it for sale on June 24, 2021, on a cybercriminal website called Marketo, the complaint alleges, claiming they had more than three terabytes of patient data to sell. According to the complaint, they offered an “evidence pack” that, “[o]n information and belief … had photos of patients, including pediatric patients, each with the patient’s name, date of birth, date of photo, and insurance information related to their treatment.”

Sea Mar learned of the data breach the same day, the complaint alleges, but did not immediately tell the victims whose information was being offered for sale, as required by Washington state law. The complaint claims that Sea Mar’s investigation showed that unauthorized persons had intruded into its systems and copied data, including from December 2020 through March 2021.

Sea Mar noted that the data included “patient names, addresses, Social Security numbers, dates of birth, client identification numbers, medical/dental/orthodontic diagnostic and treatment information, medical/vision/dental insurance information, claims information, and/or images associated with dental treatment.”

The complaint alleges, “On information and belief, by July 2021, Marketo’s auction for the PII and PHI had purportedly garnered over 200 bids for patients’ highly sensitive data.”

Sea Mar’s own investigation of the incident ended on August 31, 2021, but the complaint claims that it did not announce the data breach to the victims until October 29, 2021.

The complaint claims, “Sea Mar’s Notice of Privacy Practices recognizes Sea mar’s duty to secure and maintain patient PII and PHI[.]” The complaint quotes this Notice as saying such things as, “Sea Mar Community Health Centers respects your privacy” and “The law protects the privacy of the health information we create and obtain in providing health care and services to you.”

Page 6 of the complaint reproduces the ad posted at Marketo, offering the data for sale and chiding Sea Mar, among other things, because “you decided to forget without remorse about the quality of the provided services and the clients’ right to confidentiality.”

Article Type: Lawsuit
Topic: Privacy

Most Recent Case Event

Sea Mar Community Health Centers Exposure of Patient Information Complaint

February 16, 2022

Providers of medical services have become highly desirable targets for cybercriminals looking to steal personally identifiable information (PII) and protected health information (PHI). This class action bring suit against Sea Mar Community Health Centers for failing to adequately protect its patients’ PII and PHI from a data breach in which cybercriminals accessed its systems from approximately December 2020 to March 2021.

Sea Mar Community Health Centers Exposure of Patient Information Complaint

Case Event History

Sea Mar Community Health Centers Exposure of Patient Information Complaint

February 16, 2022

Providers of medical services have become highly desirable targets for cybercriminals looking to steal personally identifiable information (PII) and protected health information (PHI). This class action bring suit against Sea Mar Community Health Centers for failing to adequately protect its patients’ PII and PHI from a data breach in which cybercriminals accessed its systems from approximately December 2020 to March 2021.

Sea Mar Community Health Centers Exposure of Patient Information Complaint
Tags: Exposing Private Information, Exposure to cyber crime, Your Privacy