Data Breach Lawsuit Says Designed Receivable Solutions Failed to Protect Patient Info During Cyberattack

New to ClassAction.org? Read our Newswire Disclaimer

Designed Receivable Solutions, Inc. (DRSI) faces a proposed class action lawsuit after it fell victim to a “massive and preventable” data breach discovered earlier this year.

Want to stay in the loop on class actions that matter to you? Sign up for ClassAction.org’s free weekly newsletter here.

The 47-page Designed Receivable Solutions data breach lawsuit says that the healthcare industry debt collection agency detected suspicious activity in its computer network on January 22, 2024. Upon investigation, it was found that cybercriminals had accessed DRIS’s servers around January 18 of this year and acquired personal information belonging to its clients’ patients, the case claims.

According to the data breach lawsuit, the cyberattack affected at least 498,000 individuals, exposing data such full names, dates of birth, Social Security numbers, treatment details, claim information, patient identification numbers, health insurance policy information and health insurance policy numbers.

The complaint alleges that the incident stemmed from Designed Receivable Solutions’ failure to implement adequate data security measures.

“As a result, Representative Plaintiff’s and Class Members’ [protected health information/personally identifiable information] was compromised through disclosure to an unknown and unauthorized third party—an undoubtedly nefarious third party seeking to profit off this disclosure by defrauding Representative Plaintiff and Class Members in the future,” the suit stresses.

Per the case, DRIS had obligations under HIPAA, federal and state law, and representations in its own privacy policy to keep patients’ personal information confidential and protect it from unauthorized access.

The complaint goes on to criticize DRIS’s response to the breach, noting that the company waited roughly four months after it claims to have discovered the intrusion to begin notifying those who had been impacted. Moreover, the defendant offered victims merely a restricted period of complimentary credit monitoring services, the filing relays.

“These services are wholly inadequate as they fail to provide for the fact that victims of data breaches and other unauthorized disclosures commonly face multiple years of ongoing identity theft and financial fraud, and they entirely fail to provide any compensation for the unauthorized release and disclosure of Representative Plaintiff’s and Class Members’ [protected health information/personally identifiable information],” the case argues.

The lawsuit seeks to cover anyone in the United States whose personal or health information was exposed to unauthorized third parties as a result of the data breach discovered by Designed Receivable Solutions, Inc. on January 22, 2024.

Are you owed unclaimed settlement money? Check out our class action rebates page full of open class action settlements.