BioPlus Facing Class Action Over October 2021 Data Breach
by Erin Shaak
Bryan et al. v. BioPlus Specialty Pharmacy Services, LLC
Filed: January 5, 2022 ◆§ 6:22-cv-00030
BioPlus Specialty Pharmacy Services, LLC faces a proposed class action over an October 2021 data breach that reportedly affected at least 350,000 individuals.
BioPlus Specialty Pharmacy Services, LLC faces a proposed class action over an October 2021 data breach that reportedly affected at least 350,000 individuals.
The 85-page lawsuit alleges BioPlus, who provides pharmacy services nationwide, failed to implement adequate safeguards to protect customers’ sensitive information from unauthorized disclosure. Information supposedly exposed during the October ransomware attack includes names, addresses, email addresses, dates of birth, Social Security numbers, health insurance billing information and treating physician details, the case says.
According to the suit, the defendant’s failure to protect customers’ information has exposed them to “a slew of harms,” including fraudulent charges, medical procedures ordered in their names and targeted advertising.
The lawsuit alleges that BioPlus learned in November 2021 that an unauthorized party had gained access to its systems wherein private customer information was stored. Per the suit, BioPlus investigated the ransomware attack and sent notice to affected individuals in December. The case claims, however, that the defendant failed to explain the delay between its initial discovery of the incident and its “belated notification” to victims, which the suit says may have exposed the individuals to additional harm that could have been avoided had timely notice been sent.
Moreover, the lawsuit claims the notice sent by BioPlus was “not just untimely but woefully deficient” in that the letter failed to provide certain details about the breach, including how the defendant’s systems were accessed, what information was exposed, whether the data was encrypted, how the company learned of the incident, whether the breach occurred system-wide, whether BioPlus’ servers were accessed and how many patients were affected.
The case goes on to decry BioPlus’s offer of “only one or two years” of identity monitoring, arguing that customers would need to disclose additional personal information that BioPlus “had just demonstrated it could not be trusted with” in order to take advantage of the service.
The lawsuit alleges BioPlus failed to implement recommended data security measures, much less have in place “basic, common-sense email security measures,” despite repeated warnings about the risks of cyberattacks in the healthcare industry. As a result, the suit says, the defendant has put customers’ information at a “serious, immediate, and ongoing risk.”
The case seeks to cover anyone whose private information was compromised as a result of the BioPlus data breach discovered around December 2021 and who was sent notice of the incident.
Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s newsletter here.
Hair Relaxer Lawsuits
Women who developed ovarian or uterine cancer after using hair relaxers such as Dark & Lovely and Motions may now have an opportunity to take legal action.
Read more here: Hair Relaxer Cancer Lawsuits
How Do I Join a Class Action Lawsuit?
Did you know there's usually nothing you need to do to join, sign up for, or add your name to new class action lawsuits when they're initially filed?
Read more here: How Do I Join a Class Action Lawsuit?
Stay Current
Sign Up For
Our Newsletter
New cases and investigations, settlement deadlines, and news straight to your inbox.
Before commenting, please review our comment policy.