BioPlus Facing Class Action Over October 2021 Data Breach
by Erin Shaak
Bryan et al. v. BioPlus Specialty Pharmacy Services, LLC
Filed: January 5, 2022 ◆§ 6:22-cv-00030
BioPlus Specialty Pharmacy Services, LLC faces a proposed class action over an October 2021 data breach that reportedly affected at least 350,000 individuals.
BioPlus Specialty Pharmacy Services, LLC faces a proposed class action over an October 2021 data breach that reportedly affected at least 350,000 individuals.
The 85-page lawsuit alleges BioPlus, who provides pharmacy services nationwide, failed to implement adequate safeguards to protect customers’ sensitive information from unauthorized disclosure. Information supposedly exposed during the October ransomware attack includes names, addresses, email addresses, dates of birth, Social Security numbers, health insurance billing information and treating physician details, the case says.
According to the suit, the defendant’s failure to protect customers’ information has exposed them to “a slew of harms,” including fraudulent charges, medical procedures ordered in their names and targeted advertising.
The lawsuit alleges that BioPlus learned in November 2021 that an unauthorized party had gained access to its systems wherein private customer information was stored. Per the suit, BioPlus investigated the ransomware attack and sent notice to affected individuals in December. The case claims, however, that the defendant failed to explain the delay between its initial discovery of the incident and its “belated notification” to victims, which the suit says may have exposed the individuals to additional harm that could have been avoided had timely notice been sent.
Moreover, the lawsuit claims the notice sent by BioPlus was “not just untimely but woefully deficient” in that the letter failed to provide certain details about the breach, including how the defendant’s systems were accessed, what information was exposed, whether the data was encrypted, how the company learned of the incident, whether the breach occurred system-wide, whether BioPlus’ servers were accessed and how many patients were affected.
The case goes on to decry BioPlus’s offer of “only one or two years” of identity monitoring, arguing that customers would need to disclose additional personal information that BioPlus “had just demonstrated it could not be trusted with” in order to take advantage of the service.
The lawsuit alleges BioPlus failed to implement recommended data security measures, much less have in place “basic, common-sense email security measures,” despite repeated warnings about the risks of cyberattacks in the healthcare industry. As a result, the suit says, the defendant has put customers’ information at a “serious, immediate, and ongoing risk.”
The case seeks to cover anyone whose private information was compromised as a result of the BioPlus data breach discovered around December 2021 and who was sent notice of the incident.
Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s newsletter here.
Video Game Addiction Lawsuits
If your child suffers from video game addiction — including Fortnite addiction or Roblox addiction — you may be able to take legal action. Gamers 18 to 22 may also qualify.
Learn more:Video Game Addiction Lawsuit
Depo-Provera Lawsuits
Anyone who received Depo-Provera or Depo-Provera SubQ injections and has been diagnosed with meningioma, a type of brain tumor, may be able to take legal action.
Read more: Depo-Provera Lawsuit
How Do I Join a Class Action Lawsuit?
Did you know there's usually nothing you need to do to join, sign up for, or add your name to new class action lawsuits when they're initially filed?
Read more here: How Do I Join a Class Action Lawsuit?
Stay Current
Sign Up For
Our Newsletter
New cases and investigations, settlement deadlines, and news straight to your inbox.
Before commenting, please review our comment policy.