in Newswire Published on February 27, 2023

Class Action Claims CentraState Healthcare Left Patient Data Vulnerable to Cyberattacks

by Kelsey McCroskey

View Comments

M.Z. v. CentraState Healthcare System, Inc. et al.

Filed: February 22, 2023 § 3:23-cv-01049

Read Complaint

A class action accuses CentraState Healthcare System and Executive Director of Health Information Management and Privacy Officer Shaunna Ellison of failing to protect patients’ personal data from a December 2022 cyberattack.

Defendant(s)

CentraState Healthcare System, Inc. Shaunna Ellison

Law(s)

New Jersey Consumer Fraud Act

State(s)

New Jersey

Categories

Technology Medical/Health Privacy Data Breach

A proposed class action accuses CentraState Healthcare System and Executive Director of Health Information Management and Privacy Officer Shaunna Ellison of failing to protect patients’ personal data from a December 2022 cyberattack.

Want to stay in the loop on class actions that matter to you? Sign up for ClassAction.org’s free weekly newsletter here.

According to the 46-page lawsuit, the computer system used by the New Jersey-based healthcare provider was infiltrated by an unauthorized third party on or around December 29, compromising the sensitive data of CentraState’s patients and their families. The suit relays that the personal and medical information accessed in the data breach included, but is not limited to, patients’ names, home addresses, dates of birth, telephone numbers, email addresses, demographic information, medical record numbers, patient account numbers and treatment details.

The case charges that the highly sensitive data in CentraState’s medical record systems was stored in a “vulnerable” and “dangerous condition,” and that the cyberattack occurred as a result of the defendants’ failure to implement adequate cybersecurity practices to protect it.

What’s more, the complaint claims that CentraState was well-aware of the threat of a ransomware attack given that the highly valuable nature of the information stored in its systems and prevalence of data breaches in the medical industry.

The plaintiff, a Georgia resident and former patient, received notice on February 8, 2023, that her personal information had been compromised in the data breach, the filing says.

CentraState’s “reckless” and “wrongful” conduct and the resultant cyberattack have put the plaintiff and other victims at an “imminent, immediate and continuing … risk of identity theft, identity fraud and medical fraud,” the case contends.

The lawsuit looks to represent any current or former patients of CentraState, or any of its affiliates, who had their personal information compromised by an unknown third party as a result of the December 2022 data breach.

Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s free weekly newsletter here.

Case Spotlight

Hair Relaxer Lawsuits

Women who developed ovarian or uterine cancer after using hair relaxers such as Dark & Lovely and Motions may now have an opportunity to take legal action.

Read more here: Hair Relaxer Cancer Lawsuits

How Do I Join a Class Action Lawsuit?

Did you know there's usually nothing you need to do to join, sign up for, or add your name to new class action lawsuits when they're initially filed?

Read more here: How Do I Join a Class Action Lawsuit?

ClassAction.org Newsletter

Stay Current

Sign Up For
Our Newsletter

New cases and investigations, settlement deadlines, and news straight to your inbox.

This browser does not support PDFs. Please download the PDF to view it: Download PDF.
Open Document
Last Updated on February 27, 2023 — 9:25 AM

Kelsey McCroskey

kelsey@classaction.org

Kelsey works primarily on ClassAction.org’s newswire, reporting on cases as they happen.

About ClassAction.org

ClassAction.org is a group of online professionals (designers, developers and writers) with years of experience in the legal industry.

Learn More

Before commenting, please review our comment policy.