Health Care Service Corporation Facing Class Action Over 2023 Data Breach Affecting 192K Individuals

New to ClassAction.org? Read our Newswire Disclaimer

Health Care Service Corporation (HCSC) faces a proposed class action that alleges the health insurer and Blue Cross Blue Shield licensee failed to protect its members’ personal information from a data breach in June 2023.

Want to stay in the loop on class actions that matter to you? Sign up for ClassAction.org’s free weekly newsletter here.

The 32-page lawsuit says that around June 21 of last year, cybercriminals gained access to HCSC’s computer network where highly confidential data belonging to 192,231 individuals was stored. According to the case, the compromised information includes clients’ names, addresses, phone numbers, email addresses, dates of birth, Social Security numbers, claim numbers, bank account numbers and medical service information.

The complaint attributes the incident to HCSC’s alleged failure to implement adequate cybersecurity measures and claims the data breach could have been prevented had the company more securely encrypted its servers and the information stored therein.

The case contends that HCSC’s negligence is exacerbated by “repeated warnings and alerts” directing companies to safeguard consumers’ private data from potential cyberattacks, which have become a growing threat in recent years.

Per the filing, consumers’ data is now in the hands of an “undoubtedly nefarious” third party who likely seeks to profit off the unauthorized disclosure by subjecting victims to identity theft, fraud and other misuse of their information.

The plaintiff, an Illinois resident and former HCSC member, says she was unaware of the breach until she received a data breach notice letter around August 24, 2023 informing her that her information may have been involved. Not only did the letter come more than a month after HCSC claims to have learned of the breach, but it also concealed the full extent of the incident, the suit alleges.

“[The plaintiff] and the class members remain, even today, in the dark regarding what particular data was stolen, the particular malware used, and what steps are being taken, if any, to secure their [protected health information/personally identifiable information] and financial information going forward,” the complaint says.

According to the suit, the plaintiff’s anxiety surrounding the unauthorized exposure of her data has only increased since she learned that her personal information was uploaded to the dark web.

The lawsuit looks to represent anyone in the United States of America whose personal, health or financial information was exposed to unauthorized third parties as a result of the data breach experienced by Health Care Service Corporation on June 21, 2023.

Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s free weekly newsletter here.