CareSource Data Breach Lawsuit Investigation: Was Your Info Hacked?
Last Updated on September 7, 2023
Investigation Complete
Attorneys working with ClassAction.org have finished their investigation into this matter.
Check back for any potential updates. The information on this page is for reference only.
Free Consumer Tools:
- Open and Current Class Action Lawsuit Settlements and Rebates
- Open and Current Class Action Lawsuit List, Investigations
- Class Action Lawsuit and Settlement News
- Free Class Action Lawsuit Database
At A Glance
- This Alert Affects:
- Anyone who received a letter from CareSource stating that their personal information was exposed in a data breach.
- What’s Going On?
- CareSource has begun notifying over 3 million individuals that their personal and medical information was exposed during a massive data breach that impacted MOVEit, a third-party file transfer software used by CareSource. Attorneys working with ClassAction.org are now looking into whether a lawsuit can be filed on behalf of victims.
- How Could a Lawsuit Help?
- A class action lawsuit could help compensate data breach victims for any harm they experienced as a result of the hack, including loss of privacy and fraudulent charges.
Attorneys working with ClassAction.org are looking into whether a class action lawsuit can be filed on behalf of individuals who were affected by the CareSource data breach.
In late August, CareSource, an Ohio-based nonprofit that administers Medicaid, Marketplace and Medicare plans, began notifying members that their personal and medical information was exposed during a massive hack of the third-party MOVEit file-transfer software used by the company to share data. It’s been reported that patients’ names, Social Security numbers, health plan information, medical conditions and other sensitive data were accessed and copied during the hack.
Attorneys believe CareSource may not have taken the proper steps to protect consumers’ data from unauthorized access. They’re now looking to hear from people who were affected by the breach as they work to determine whether a class action lawsuit can be filed to help compensate victims.
CareSource Hack: What Happened?
On July 27, 2023, CareSource reported to the U.S. Department of Health and Human Services that 3,180,537 individuals were affected by a data breach.
In a sample data breach letter, the company explained that the MOVEit file-transfer software provided by one of its vendors was hacked by “a bad actor” on May 31, 2023. On June 27, CareSource was identified as “one of the victims of hacked data,” and an investigation into the incident revealed that sensitive consumer information had been stolen, according to the letter.
The following patient information was reportedly accessed and copied:
- Full names
- Addresses
- Dates of birth
- Genders
- Social Security numbers
- Member IDs
- Health plan names
- Health conditions
- Medications
- Allergies
- Diagnoses
The MOVEit hack, which has reportedly impacted more than 1,000 organizations and affected over 60 million people, was perpetrated by a notorious Russia-linked ransomware gang known as Clop.
Cybernews.com reported on August 2 that Clop published 40GB of CareSource data on the dark web that contained “sensitive healthcare information such as drugs prescribed, risk groups, and patients’ treatment details.” The group wrote of CareSource that “[t]he company doesn’t care about its customers, it ignored their security!!!”
CareSource reportedly began sending data breach notices to affected individuals beginning the week of August 22.
How a Class Action Lawsuit Could Help
If successful, a class action lawsuit could help data breach victims recover compensation for damages resulting from the hack, including:
- Loss of privacy
- Fraudulent charges
- Damage to credit
- Time lost responding to the breach
- Out-of-pocket expenses, such as money spent obtaining credit reports, medical records and additional credit monitoring and identity theft protection services
Before commenting, please review our comment policy.