Class Action Claims Mindpath Health Failed to Prevent Data Breach Affecting Over 190K Patients
Lynch v. Community Psychiatry Management, LLC d/b/a Mindpath Health
Filed: February 9, 2023 ◆§ 2:23-at-00113
A class action lawsuit claims Mindpath Health failed to protect patient information from hackers who reportedly gained unauthorized access to two employee email accounts in 2022.
California
A proposed class action lawsuit claims Mindpath Health failed to protect patient information from hackers who reportedly gained unauthorized access to two employee email accounts in 2022.
Want to stay in the loop on class actions that matter to you? Sign up for ClassAction.org’s free weekly newsletter here.
According to the 30-page lawsuit, Community Psychiatry Management, who operates as Mindpath Health, discovered in early July 2022 that two employee email accounts had been hacked—one in March and another in June. Per the suit, the resulting data breach compromised the personal information of approximately 193,947 patients.
The case reports that the data impacted by the breach included, but is not limited to, patients’ names, addresses, dates of birth, medical diagnoses, treatment information and Social Security numbers.
As the complaint tells it, the ransomware attack occurred as a result of Mindpath Health’s failure to implement reasonable cybersecurity measures and provide adequate employee training on phishing schemes, a common entry point for ransomware.
What’s more, the healthcare provider “unreasonably delayed” notifying victims of the cyberattack, the filing says. Although the defendant claims to have discovered the breach on July 5 of last year, notices were not sent to those impacted until early January 2023, more than six months later, the lawsuit charges.
Mindpath Health has given no explanation for the lengthy delay, the suit says. Because of it, victims were left in the dark “far longer than they should have been” given the emergency situation called for timely action to protect patients’ personal and financial accounts, the case contends.
The defendant, a provider of outpatient behavioral health services, had a legal obligation under the Health Insurance Portability and Accountability Act (HIPAA) to safeguard the personal and medical information stored in its computer system, the complaint says. However, despite the frequency of cyberattacks within the healthcare industry, Mindpath Health “opted to maintain an insufficient and inadequate [cybersecurity] system,” the filing asserts.
The plaintiff, a North Carolina resident and former Mindpath patient, received notice on January 9 of this year that her highly sensitive personal data had been compromised in the breach, the case reports. Like other victims, the woman must now cope with a lifetime risk of identity theft, medical fraud, and other illegal schemes as a result of the exposure of her information, the complaint claims.
The lawsuit looks to represent anyone in the United States whose personal information was compromised by the data breach announced by Mindpath Health on January 9, 2023.
Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s free weekly newsletter here.
Hair Relaxer Lawsuits
Women who developed ovarian or uterine cancer after using hair relaxers such as Dark & Lovely and Motions may now have an opportunity to take legal action.
Read more here: Hair Relaxer Cancer Lawsuits
How Do I Join a Class Action Lawsuit?
Did you know there's usually nothing you need to do to join, sign up for, or add your name to new class action lawsuits when they're initially filed?
Read more here: How Do I Join a Class Action Lawsuit?
Stay Current
Sign Up For
Our Newsletter
New cases and investigations, settlement deadlines, and news straight to your inbox.
Before commenting, please review our comment policy.