Shields Health Care Group Cyberattack Class Action

Shields Health Care Group, Inc., says the complaint for this class action, provides “management and imaging services” for its partner facilities. Unfortunately, the company suffered a data breach in March 2022, which the complaint for this class action alleges was “a direct and proximate result of Shields’s inadequate data security, and its breach of its duty to handle [the information it stores] with reasonable care…”

The class for this action is all individuals in the US and its territories whose personally identifiable information (PII) and protected health information (PHI) was compromised in the Shields Health Care Group data breach which occurred on or around March 7-21, 2022.

Shields noticed suspicious activity on its systems on March 28, 2022, the complaint alleges, and later concluded that an unknown party had gotten into its systems between March 7 and 21, 2022 and had exfiltrated certain information. The complaint alleges the data breach affected more than fifty of Shields’s health care facility and some two million people.

The complaint alleges, “As a healthcare provider, Shields knowingly obtains patient PII and PHI and has a resulting duty to securely maintain such information in confidence.” According to the complaint, “Shields’s Privacy Practice … acknowledges Shields’s duty to maintain the privacy of patients’ health information.”

The complaint doesn’t only fault Shields for the data breach; it also alleges that the company did not inform the individual victims promptly: “Despite the fact that Shields became aware of the Data Breach by march 28, 2022, it failed to notify Plaintiff and putative Class members within 60 days as required by law. Notably, Shields failed to notify Plaintiff of the Data Breach for more than two months from its discovery of the same.”

Exposed in the data breach, the complaint alleges, was a large expanse of PII and PHI, including full names, Social Security numbers, dates of birth, provider information, diagnosis, billing information, insurance numbers and information, and other medical or treatment information.

Now, the complaint alleges, this information has been “exposed to an untold number of unauthorized individuals, putting the individual victims at “an imminent significantly increased risk of fraud, identity theft, misappropriation of health insurance benefits, intrusion of their health privacy, and similar forms of criminal mischief. These risks may last for the rest of their lives.”

According to the complaint, the plaintiff in this case, Debra Monette, has already experienced negative effects of the data breach: “Shortly after the Breach, [Monette] received notification from her bank of attempted fraudulent activity on her bank account.”

Healthcare-related companies have become a favored target for cyberattacks, the complaint alleges, because of the extensive and valuable data they store. The complaint alleges that Shields must have known of the risk of cyberattacks and should have put into place adequate safeguards to protect information.

Article Type: Lawsuit
Topic: Privacy
Tags: Exposing Private Information, Exposure to cyber crime, Your Privacy