Health Center Partners of Southern California, IT Provider Facing Class Action Over Cyberattack Affecting 293K
Jackson v. Health Center Partners of Southern California et al.
Filed: January 16, 2024 ◆§ 3:24-cv-00106
HCP and an IT vendor face a class action over a cyberattack announced in April 2021 that compromised the private data of more than 293,000 people.
California Business and Professions Code California Confidentiality Of Medical Information Act
California
Health Center Partners of Southern California (HCP) and an IT vendor face a proposed class action over a cyberattack announced in April 2021 that compromised the private data of more than 293,000 people.
Want to stay in the loop on class actions that matter to you? Sign up for ClassAction.org’s free weekly newsletter here.
The 33-page lawsuit says the San Diego-based consortium of medical organizations, which boasts more than 16 member health centers and 160 practice sites in California, announced in April 2021 that it had been impacted by a ransomware attack that targeted its IT service provider, co-defendant Netgain Technology, LLC.
As a result, confidential information belonging to HCP member organizations and their patients was compromised when an unauthorized third party gained access to Netgain’s server between October 22, 2020 and December 3, 2020, the suit relays. Per the case, the exposed data varies by individual but may have included patients’ names, addresses, dates of birth, diagnoses or treatment information and treatment cost details.
According to a notice letter sent to victims, Netgain claimed to have paid the hacker an undisclosed amount in exchange for the destruction of all copies of the data and assurances that the stolen information would not be further disclosed or sold.
The complaint contends the data breach stemmed from the defendants’ failure to implement basic cybersecurity protocols to protect the stored data from unauthorized disclosure. The filing adds that HCP, in particular, failed to properly monitor its IT vendor, which allegedly maintained the sensitive information unencrypted on its server.
Victims like the plaintiff, a patient of an HCP member organization, now face a substantial risk of identity theft and fraud as a result of the defendants’ negligence, the lawsuit claims.
To make matters worse, HCP, other than offer impacted individuals complimentary identity protection services and recommend steps to take to protect their data, has done little to safeguard victims from future security incidents or the misuse of their information, the suit charges.
“In effect, HCP is shirking its responsibility for the harm it has caused, while shifting the burdens and costs of its wrongful conduct onto its patients,” the case scathes.
The lawsuit looks to represent anyone to whom Health Center Partners of Southern California sent a notification letter of a data security incident that occurred between October 22, 2020 and December 3, 2020.
Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s free weekly newsletter here.
Hair Relaxer Lawsuits
Women who developed ovarian or uterine cancer after using hair relaxers such as Dark & Lovely and Motions may now have an opportunity to take legal action.
Read more here: Hair Relaxer Cancer Lawsuits
How Do I Join a Class Action Lawsuit?
Did you know there's usually nothing you need to do to join, sign up for, or add your name to new class action lawsuits when they're initially filed?
Read more here: How Do I Join a Class Action Lawsuit?
Stay Current
Sign Up For
Our Newsletter
New cases and investigations, settlement deadlines, and news straight to your inbox.
Before commenting, please review our comment policy.