Class action lawsuit alleges NorCal health care provider’s negligence led to data breach – Times-Standard
On Thursday, a Eureka-based law firm filed a class-action lawsuit against a Northern California healthcare provider, accusing it of failing to protect sensitive user data and neglecting to disclose when the data had been hacked in a timely manner to its users.
Janssen Malloy, which filed the suit with national firm Whatley Kallas, is alleging that Partnership HealthPlan of California, which declined to comment, which was negligent in its upkeep of cybersecurity. The suit states that the provider was warned as early as June 2021 that a group called Hive was hacking medical service companies, just under a year before the hack was announced.
“The suit really is about Partnership HealthPlans’ method of storing their enrollees individually identifiable medical information, and how they stored that and whether or not they took all reasonable steps to protect folks’ privacy and keep that information secure from hackers,” said Megan Yarnall , a partner at Janssen Malloy, said. “At this point, it seems that they did not take all the reasonable steps to do so, and then were subject to this ransomware hack.”
The lack of notice given to people whose information was compromised was also a concern, Yarnall said.
“It’s twofold, one, the lack of security and proper steps that they took to secure individuals’ information from a hack like this,” Yarnall said, “especially in light of warnings from the FBI, and other sources about this type of hack months in advance. Then secondarily, once the breach occurred, their duty to notify folks so they could take steps to monitor their credit and be on alert for potential identity theft.”
Partnership HealthPlan of California announced in March that it had experienced a ransomware attack — a virus designed to block access to a system until a ransom is paid — with a group called Hive claiming responsibility. According to the complaint, Hive declared that it had stolen the sensitive data, including social security numbers and a litany of other personal details, of 850,000 people.
So far, there is only one person who is directly represented by Janssen Malloy, a John Doe, but should the case proceed, potentially hundreds of thousands of Partnership Healthplan of California beneficiaries could be eligible for compensation. Yarnall said that Janssen Malloy had heard from other Partnership HealthPlan members that they noticed an uptick in suspicious activity on their accounts, but they are still investigating to see if it is linked to the data breach.
The parties are scheduled to have a case management conference at 8:30 am Sept. 9 at the Humboldt County Superior Court, but Yarnall noted there could be events that come up before then that would require the parties to convene before a judge.
“We hope that this lawsuit, both serves as a notice to consumers that this breach occurred, although that should have come in the first instance from Partnership in a timely fashion,” Yarnall said, “and we also hope that we can get some remedies for people who are now the victims of this breach.”
The full complaint can be found at bit.ly/398rl0k.
Patients concerned about the breach of their data may contact the firm by calling toll-free 888-526-7736 or 707-445-2071.
Jackson Guilfoil can be reached at 707-441-0506.