Aveanna Healthcare Stored Patient Info in ‘Reckless Manner’ Prior to July 2019 Data Breach, Class Action Claims

New to ClassAction.org? Read our Newswire Disclaimer

Atlanta-based pediatric home healthcare provider Aveanna Healthcare faces a proposed class action centered on a July 2019 data breach that allegedly stemmed from the company’s storage of patient data in a “reckless manner.”

The 53-page complaint claims more than 166,000 individuals had their sensitive information compromised due to a phishing attack last summer. In all, an unknown intruder accessed certain Aveanna employee email accounts between July 19 and August 24, 2019, the case says. 

According to the suit, information improperly accessed by those responsible for the breach includes social security numbers, birth dates, email and physical addresses, bank account and credit card details, passport and driver’s license numbers, medical records, patient account numbers, diagnoses, treatments, photo IDs, Medicare/Medicaid ID numbers and other data protected under the Health Insurance Portability and Accountability Act (HIPAA).

Though the breach was first discovered by the defendant in August 2019, the company did not begin to notify affected patients until February 18, 2020, nearly six months later, according to the complaint. 

Aveanna Healthcare maintained proposed class members’ sensitive information on a computer network “vulnerable to cyberattacks,” such as the infiltration of company email accounts containing private data, the lawsuit says. The potential for a significant data breach was a known risk to Aveanna, and the company was thus on notice yet failed to implement measures that could have secured proposed class members’ information, according to the suit.

Further still, Aveanna employees failed to properly monitor the company’s computer network and systems housing private personal information, the case continues. Had Aveanna employees done so, the data breach would have been discovered sooner, the lawsuit contends. 

“Plaintiffs and Class Members’ identities are now at risk of compromise because of [Aveanna’s] negligent conduct since the Private Information that Aveanna collected and negligently maintained is now in the hands of data thieves,” the suit says, stressing that those affected may also incur out-of-pocket costs for credit monitoring or identity theft protection services. 

The case looks to cover those who utilized Aveanna’s services and whose private information was maintained in the company’s email and computer system and compromised in the July 2019 data breach. 

Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s newsletter here.