Class Action Lawsuit Filed Over February 2021 CaptureRx Data Breach [UPDATE]
by Erin Shaak
Last Updated on April 7, 2022
Vereen v. NEC Networks, LLC et al.
Filed: June 4, 2021 ◆§ 5:21-cv-00536
The failure of CaptureRx and Midtown Health Center to safeguard patients’ private information is to blame for a February 2021 data breach, a class action says.
Texas
Case Updates
April 7, 2022 – CaptureRx Data Breach Settlement Website Is Live
The official settlement website for the CaptureRx data breach class action is live and can be found here:
http://www.rxdataincident.com/
To submit a claim, head to this page and enter your settlement claim ID number to begin.
The deadline for filing a claim is June 27, 2022. If you fail to file a claim by this date, you will receive no benefits from the settlement.
To contact the settlement administrator with any questions, head here.
CaptureRx denies any and all claims presented in the litigation, and the settlement does not amount to an admission of fault, the website states.
Don’t miss out on settlement news like this. Sign up for ClassAction.org’s free weekly newsletter here.
March 11, 2022 – CaptureRx Data Breach Cases Settled for $4.75 Million
United States District Judge Orlando L. Garcia has granted preliminary approval to a $4.75 million settlement ending the proposed class action detailed on this page and five similar lawsuits filed over the February 2021 CaptureRx data breach.
The deal covers 2.4 million-plus individuals nationwide whose personal information was exposed to an unauthorized party as a result of the data incident. Consumers who are covered by the settlement (i.e., “class members”) and who submit valid claims will be able to receive a $25 cash payment. Those living in California will receive a $25 cash payment plus an additional $75 through the settlement, court documents state.
Consumers who believe that they are covered by the settlement should keep an eye on their mailboxes, as notice of the deal and information on their legal rights will be sent directly to them sometime soon. Court documents state that CaptureRx is to provide the settlement administrator with a list of known class members, their physical mailing addresses and, if known, their email addresses. An official settlement website where class members can file claims online and a toll-free number will also be launched soon.
A final approval hearing is slated for June 23, 2022. Compensation will begin to go out to consumers if and when the settlement is given the ultimate OK and any appeals are resolved.
Don’t miss out on settlement news like this. Sign up for ClassAction.org’s free weekly newsletter here.
The failure of NEC Networks, LLC, which does business as CaptureRx, and Midtown Health Center, Inc. to properly safeguard patients’ private information is to blame for a February 2021 data breach, a proposed class action says.
Per the case, negligence on the part of Los Angeles-based Midtown Health Center and pharmacy benefits manager CaptureRx allowed patients’ full names, birth dates and prescription information to be accessed by unauthorized parties, exposing those affected by the incident to a heightened risk of identity theft and fraud.
The lawsuit argues that the defendants had a duty to protect patients’ personally identifiable information (PII) and protected health information (PHI) yet failed to take the necessary steps to prevent the breach, the risks of which should have been well-known. The consequences of the defendants’ inadequate data security are “long lasting and severe,” the suit states, stressing that fraudulent activity may not occur for six months to a year and “may continue for years.”
“Defendants knew, or should have known, the importance of safeguarding the PII and PHI entrusted to it and of the foreseeable consequences if its data security systems were breached,” the complaint contends. “This includes the significant costs that would be imposed on Defendants’ clients as a result of a breach. Defendants failed, however, to take adequate cybersecurity measures to prevent the Data Breach.”
According to the lawsuit, Midtown Health Center contracts with CapureRx to process claims related to its pharmacy business. The files shared with and stored by CaptureRx, however, contained non-redacted and non-encrypted personal and health information that revealed not only the pharmaceuticals prescribed to patients but the underlying conditions for which medications were issued, the suit relays.
The case says the defendants announced on May 5, 2021 that “a recent event” at CaptureRx on February 6 had allowed patients’ sensitive information to be accessed by third parties without proper authorization. Although the companies assured patients that they are “working to implement additional safeguards and training to [] employees,” they have failed to disclose the root cause of the breach, the vulnerabilities exploited, and the measures being taken to prevent a future cybersecurity incident, the suit charges.
Instead, the defendants, the lawsuit alleges, have “shifted the burden of protecting their sensitive PII and PHI” to patients by warning them to “remain vigilant against incidents of identity theft and fraud, to review your account statements and explanation of benefits forms, and to monitor your free credit reports for suspicious activity and to detect errors.”
The case argues that the defendants could have prevented the data breach by properly securing and encrypting patients’ data or destroying data that was outdated and “no longer useful.” Per the suit, Midtown and CaptureRx have violated Federal Trade Commission regulations and the Health Insurance Portability and Accountability Act (HIPAA).
The case looks to cover anyone in the U.S. whose personally identifiable information and protected health information was stored and/or shared in CaptureRx’s electronic files and exposed to an unauthorized party as a result of the data breach announced on May 5, 2021. The lawsuit also proposes to cover a subclass of California residents who fit the same criteria.
Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s newsletter here.
Before commenting, please review our comment policy.