Healthcare entities have now become the favorite target of cybercriminals, says the complaint for this class action. This time, US Vision, Inc. and USV Optical, Inc. suffered an attack by cybercriminals that exposed the personally identifiable information (PII) and protected health information (PHI) of around 700,000 people.
The class for this action is all persons living in the US whose PII or PHI was affected by the data breach, including all persons to whom the defendants in this case sent a notice of the data breach.
According to the complaint, the companies offer “eye care and administrative services for healthcare providers nationwide with over 350 locations.” They therefore maintain a great deal of PII and PHI, which the complaint alleges was stored “in a negligent and/or reckless manner.”
“On May 12, 2012,” the complaint alleges, the companies “became aware of suspicious activity on their network environment.” The complaint alleges that an investigation showed that an unauthorized had been intruding into the network intermittently, between April 20 and May 17, 2021. In other words, the complaint claims that the unauthorized party had had the run of their systems for around three weeks before the companies discovered it. According to the complaint, the data breach did not end until another five days after that, on May 17, 2021.
The information involved identifying information, such as names and dates of birth, the complaint says, along with Social Security numbers, driver’s license numbers, and/or financial account information, plus medical or treatment information, health insurance information, and billing and claims information.
“While [the companies] claim[] to have become aware of the breach as early as May 12, 2021,” the complaint alleges, they “did not begin notifying victims of the Data Breach until October 28, 2021, over 17 months later.” This is despite the fact, the complaint alleges, that “[t]ime is of the essence when highly sensitive PII and PHI is subject to unauthorized access and/or acquisition.”
The complaint claims the companies did not comply with Federal Trade Commission (FTC) guidelines for data security, did not follow industry security standards, and violated HIPAA.
The plaintiff in this case alleges that that she has suffered a long list of bad effects from this data breach, including $2,000 worth of unauthorized charges on her bank account statements, resulting in an extra $250-$300 in fees, a lowered credit score, an inability to pay her daughter’s medical bills or her own credit card bills, identity theft, numerous subscriptions opened in her name, and an inability to get financing for a new car.
Article Type: LawsuitTopic: Privacy
Most Recent Case Event
US Vision, USV Optical Data Breach Complaint
December 23, 2022
Healthcare entities have now become the favorite target of cybercriminals, says the complaint for this class action. This time, US Vision, Inc. and USV Optical, Inc. suffered an attack by cybercriminals that exposed the personally identifiable information (PII) and protected health information (PHI) of around 700,000 people.
US Vision, USV Optical Data Breach ComplaintCase Event History
US Vision, USV Optical Data Breach Complaint
December 23, 2022
Healthcare entities have now become the favorite target of cybercriminals, says the complaint for this class action. This time, US Vision, Inc. and USV Optical, Inc. suffered an attack by cybercriminals that exposed the personally identifiable information (PII) and protected health information (PHI) of around 700,000 people.
US Vision, USV Optical Data Breach Complaint