in Newswire Published on April 18, 2024

Class Action Lawsuit Alleges City of Hope Left Patient Data Vulnerable to Cyberattack

by Kelsey McCroskey

View Comments

Saurenmann v. City of Hope

Filed: April 9, 2024 § 2:24-cv-02860

Read Complaint

City of Hope has been hit with a class action over a 2023 cyberattack that compromised the private data of approximately 827,000 patients.

Defendant(s)

City of Hope

Law(s)

California Unfair Competition Law California Confidentiality Of Medical Information Act California Consumer Privacy Act California Consumer Records Act

State(s)

California

Categories

Medical/Health Privacy Data Breach

City of Hope, a California-based cancer treatment and research organization, has been hit with a proposed class action lawsuit over a 2023 cyberattack that compromised the private data of approximately 827,000 current and former patients.

Want to stay in the loop on class actions that matter to you? Sign up for ClassAction.org’s free weekly newsletter here.

According to the 102-page City of Hope data breach lawsuit, an unauthorized third party gained access to some of the defendant’s computer systems and acquired copies of certain files stored therein between September 19 and October 12, 2023. The suit relays that the personal information exposed in the incident varied by individual but may have included names, contact details, dates of birth, Social Security numbers, driver’s license or government-issued ID numbers, financial account data, health insurance details and medical information.

As the case tells it, the cyberattack was a direct result of City of Hope’s lax data security protocols. The complaint alleges that the cancer center stored patient information unencrypted and in a “reckless manner” in its network, making it particularly vulnerable to unauthorized disclosure.

The lawsuit charges that given the frequency of data breaches in the medical industry in recent years, City of Hope should have taken appropriate measures to secure its computer systems against the “known” and “foreseeable” threat of cyberattacks.

The filing claims the plaintiff—a City of Hope patient residing in California—and other data breach victims are now at a heightened risk of being targeted for cybercrimes and must carefully monitor their financial accounts to protect themselves against identity theft.

In addition, the data breach suit argues that the notice letter City of Hope sent to impacted individuals in early April 2024 was untimely and lacked important information about the incident. Without critical details such as how cybercriminals gained access to the network and what steps are being taken to protect stored data in the future, victims’ ability to mitigate the consequences of the cyberattack is significantly reduced, the case asserts.

The lawsuit looks to represent anyone in the United States whose private information was accessed and/or acquired by an unauthorized third party as a result of the data breach reported by City of Hope in April 2024.

Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s free weekly newsletter here.

Case Spotlight

Hair Relaxer Lawsuits

Women who developed ovarian or uterine cancer after using hair relaxers such as Dark & Lovely and Motions may now have an opportunity to take legal action.

Read more here: Hair Relaxer Cancer Lawsuits

ClassAction.org Newsletter

Stay Current

Sign Up For
Our Newsletter

New cases and investigations, settlement deadlines, and news straight to your inbox.

This browser does not support PDFs. Please download the PDF to view it: Download PDF.
Open Document
Last Updated on April 18, 2024 — 9:39 AM

Kelsey McCroskey

kelsey@classaction.org

Kelsey works primarily on ClassAction.org’s newswire, reporting on cases as they happen.

About ClassAction.org

ClassAction.org is a group of online professionals (designers, developers and writers) with years of experience in the legal industry.

Learn More

Before commenting, please review our comment policy.