Behavioral Health Group Facing Class Action Over December 2021 Data Breach
by Erin Shaak
Last Updated on August 15, 2024
Smith v. BHG XXXIV, LLC et al.
Filed: September 2, 2022 ◆§ 6:22-cv-00164
Behavioral Health Group faces a lawsuit over a December 2021 data breach during which thousands of individuals' personal information was reportedly compromised.
Kentucky
Behavioral Health Group has been hit with a proposed class action over a December 2021 data breach during which the personally identifiable and protected health information of nearly 200,000 individuals was reportedly compromised.
Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s free weekly newsletter here.
Per the 27-page case, BHG Holdings and subsidiary BHG XXXIV have failed to implement adequate cybersecurity protocols to protect the sensitive data with which they were entrusted by employees and patients. The lawsuit argues that the information compromised in the December 5 data breach is “especially sensitive” given Behavioral Health Group is in the business of providing rehabilitation and other services to individuals dealing with substance abuse.
According to the suit, the data exposed in the incident included roughly 197,507 consumers’ full names; Social Security, driver’s license or state identification numbers; financial account and payment card information; passport, biometrics, health insurance or medical information, such as medical diagnosis, treatment and medication details; and medical record numbers.
The case says that data breach victims “must now live with the knowledge” that their personal and health information “is forever in cyberspace” and may be used “for any number of improper purposes and scams.”
Even though Behavioral Health Group learned as early as last December that unauthorized actors had gained access to its system, the defendants waited more than seven months, until late July 2022, to publicly acknowledge the breach and send notice to those who were affected.
The lawsuit argues that Behavioral Health Group “knew, or should have known,” that the information it stored on its system was “a target for malicious actors,” especially in light of a recent spike in data breaches across a number of industries. The healthcare provider nevertheless failed to implement cybersecurity protocols in line with industry standards and thereby allowed unauthorized actors to breach its system, according to the suit.
“Given the nature of BHG’s business, the sensitivity and value of the [personally identifiable information/protected health information] it maintains, and the resources at its disposal, BHG should have identified the vulnerabilities to their systems and prevented the Data Breach from occurring,” the complaint contends.
The lawsuit looks to represent anyone whose personally identifiable or protected health information was disclosed to unauthorized persons in the Behavioral Health Group data breach, including those who were sent notice of the breach.
Are you owed unclaimed settlement money? Check out our class action rebates page full of open class action settlements.
Hair Relaxer Lawsuits
Women who developed ovarian or uterine cancer after using hair relaxers such as Dark & Lovely and Motions may now have an opportunity to take legal action.
Read more here: Hair Relaxer Cancer Lawsuits
How Do I Join a Class Action Lawsuit?
Did you know there's usually nothing you need to do to join, sign up for, or add your name to new class action lawsuits when they're initially filed?
Read more here: How Do I Join a Class Action Lawsuit?
Stay Current
Sign Up For
Our Newsletter
New cases and investigations, settlement deadlines, and news straight to your inbox.
Before commenting, please review our comment policy.