Ambry Genetics Corp. Hit with Class Action Over Jan. 2020 Data Breach Affecting 230,000
by Erin Shaak
Last Updated on September 24, 2024
Cercas et al. v. Ambry Genetics Corp.
Filed: April 23, 2020 ◆§ 8:20-cv-00791
Ambry Genetics Corp. has been named in a proposed class action lawsuit filed over a data breach that reportedly affected upward of 230,000 patients.
Ambry Genetics Corp. has been named in a proposed class action lawsuit filed over a data breach that reportedly affected upward of 230,000 patients.
Want to stay in the loop on class actions that matter to you? Sign up for ClassAction.org’s free weekly newsletter here.
The data breach lawsuit alleges the genetic testing provider, which offers more than 300 genetic tests for the screening and diagnosis of diseases and medical issues, announced on April 15, 2020 that a security incident had compromised the personally identifiable and protected health information of thousands of patients. According to the case, the exposed data included patients’ names, dates of birth, health insurance and medical information, and in some cases, Social Security numbers and other sensitive data.
The case argues that the Ambry Genetics data breach was a “direct result” of Ambry’s failure to implement “adequate and reasonable” cybersecurity protocols. Due to its position in the healthcare industry and the sensitive nature of the private medical information collected from patients, Ambry was aware of its legal obligation to protect such data, the suit says. Nevertheless, the company allegedly neglected to implement even “basic security practices” despite the availability of industry standards and guidance.
“Had Defendant remedied the deficiencies in its data security systems and adopted security measures recommended by experts in the field, it would have prevented the intrusions into its systems and, ultimately, the theft of Sensitive Information,” the suit alleges.
The case further claims that although the security breach occurred between January 22 and 24, 2020 and was reported to government authorities by Ambry in March, the company waited three months before notifying affected patients. According to the case, the delay caused Ambry’s patients additional harm in that they were deprived of the opportunity to address and mitigate the effects of the breach, driving the risk of fraud “even higher.”
Finally, the case criticizes Ambry’s “ambiguous and vague offer” of identity monitoring, noting that affected patients were given no information regarding the terms, length, and benefits of the service. According to the case, the “hollow gesture” is “wholly inadequate” to compensate victims for their damages given data breaches can expose consumers to a heightened risk of identity theft and fraud for years.
The lawsuit looks to cover anyone whose sensitive information was compromised in the data breach announced by Ambry around April 15, 2020, with a proposed subclass of California residents.
Check out ClassAction.org’s lawsuit list for the latest top class action lawsuits.
Hair Relaxer Lawsuits
Women who developed ovarian or uterine cancer after using hair relaxers such as Dark & Lovely and Motions may now have an opportunity to take legal action.
Read more here: Hair Relaxer Cancer Lawsuits
How Do I Join a Class Action Lawsuit?
Did you know there's usually nothing you need to do to join, sign up for, or add your name to new class action lawsuits when they're initially filed?
Read more here: How Do I Join a Class Action Lawsuit?
Stay Current
Sign Up For
Our Newsletter
New cases and investigations, settlement deadlines, and news straight to your inbox.
Before commenting, please review our comment policy.