Tandem Diabetes Care Data in Phishing Incident Class Action

The complaint for this class action begins by referring to California’s Confidentiality of Medical Information Act (CMIA). The issue in the case is the disclosure of information held by Tandem Diabetes Care, Inc. (TDC) in a phishing incident. The complaint claims that TDC is responsible for this disclosure and brings suit on behalf of patients nationwide as well as those in California.

The class for this action is comprised of two subclasses:

  • Subclass 1 is all citizens of California who received medical care from TDC whose identities, personal data, and medical information were contained in an e-mail account discovered on January 17, 2020.
  • Subclass 2 is all citizens who received medical care from TDC whose identities, personal data, and medical information were contained in an e-mail account discovered on January 17, 2020.

The complaint quotes the California law as saying that “a provider of health care, health care service plan, or contractor shall not disclose medical information regarding a patient of the provider of health care or an enrollee or subscriber of a health care service plan without first obtaining an authorization…”

On January 17, 2020, TDC discovered that patients’ information was accessed via a phishing incident. TDC then sent out a letter notifying patients of the data breach. The information exposed included names and Social Security numbers and may have included billing and insurance information, referral information, and appointment records.

According to the complaint, TDC’s investigation has failed to determine whether the information was also “accessed by one or more additional persons and to date has not disclosed the identity of the individual(s) who may have improperly accessed” the information.

The CMIA requires that providers keep information “in a manner that preserves the confidentiality of the information contained therein. Any provider of health care, health care service plan, pharmaceutical company, or contractor who negligently creates, maintains, preserves, stores, abandons, destroys, or disposes of medical records shall be subject to the remedies” provided in the state’s Civil Code.

The California law provides for the payment of damages for improper disclosures of medical information. This includes “nominal damages” of $1,000 and actual damages. The law also says that “it shall not be necessary that the plaintiff suffered or was threatened with actual damages” in order to ask for payment of the nominal damages. The complaint appears to allege that at least nominal damages are due to TDC’s patients regardless of the identity or purposes of the party that obtained the data.

Article Type: Lawsuit
Topic: Privacy

Most Recent Case Event

Tandem Diabetes Care Data in Phishing Incident Complaint

April 1, 2020

Tags: Exposing Private Information