ARcare Hit with Class Actions Following 2022 Data Breach Affecting 345K Patients
by Erin Shaak
Hale v. ARcare
Filed: May 10, 2022 ◆§ 3:22-cv-00117
A class action has been filed against ARcare in the wake of a data breach that reportedly affected more than 345,000 current and former patients.
At least two proposed class action lawsuits have been filed against ARcare in the wake of a data breach that reportedly affected more than 345,000 current and former patients.
According to the two suits in Arkansas, the data breach, which occurred between January 18 and February 24, 2022, was a direct result of ARcare’s failure to take reasonable steps to safeguard patients’ sensitive information. The data exposed in the breach reportedly included patients’ names; Social Security, driver’s license or state identification numbers; dates of birth; financial account information; medical treatment, prescription, and diagnosis or condition details; and health insurance information.
The lawsuits, filed May 10 and 16, respectively, claim that those whose personal and health information was compromised in the breach now face a heightened risk of identity theft and fraud, not to mention “years of constant surveillance of their financial and personal records, monitoring, and loss of rights.”
The suits relay that ARcare, a healthcare network with over 74 facilities across Arkansas, Kentucky and Mississippi, experienced a “data security incident” on February 24, 2022 that temporarily disrupted its services. After an investigation into the incident, ARcare determined that an unauthorized actor had gained access to its computer systems from January 18 to February 24, the cases state.
According to the lawsuits, ARcare nevertheless waited months before notifying data breach victims, who began receiving letters from the company in late April 2022.
“As a result of this delayed response, Plaintiff and Class Members had no idea their [personally identifiable information] and [protected health information] had been compromised, and that they were, and continue to be, at significant risk of identity theft and various other forms of personal, social, and financial harm,” one of the complaints states. “The risk will remain for their respective lifetimes.”
The lawsuits claim that had ARcare implemented adequate cybersecurity procedures and protocols, including “basic encryption techniques freely available to Defendant,” the incident could have been prevented.
Moreover, the suits take issue with ARcare’s offer of 12 months of identity and credit monitoring services, arguing that the services are “inadequate to protect Plaintiff and Class Members from the threats they face for years to come.”
The cases look to represent U.S. residents whose personally identifiable information or protected health information was actually or potentially compromised in the data breach referenced in the notice sent by ARcare to victims in late April 2022.
Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s newsletter here.
Video Game Addiction Lawsuits
If your child suffers from video game addiction — including Fortnite addiction or Roblox addiction — you may be able to take legal action. Gamers 18 to 22 may also qualify.
Learn more:Video Game Addiction Lawsuit
Depo-Provera Lawsuits
Anyone who received Depo-Provera or Depo-Provera SubQ injections and has been diagnosed with meningioma, a type of brain tumor, may be able to take legal action.
Read more: Depo-Provera Lawsuit
How Do I Join a Class Action Lawsuit?
Did you know there's usually nothing you need to do to join, sign up for, or add your name to new class action lawsuits when they're initially filed?
Read more here: How Do I Join a Class Action Lawsuit?
Stay Current
Sign Up For
Our Newsletter
New cases and investigations, settlement deadlines, and news straight to your inbox.
Before commenting, please review our comment policy.