in Newswire Published on February 27, 2023

Highmark Hit with Class Action Over December 2022 Data Breach

by Kelly Mehorter

View Comments

Marshall v. Highmark, Inc.

Filed: February 22, 2023 § 2:23-cv-00290

Read Complaint

Highmark, Inc. faces a class action over a December 2022 data breach that reportedly affected approximately 300,000 individuals.

Defendant(s)

Highmark, Inc.

Law(s)

State(s)

Pennsylvania

Categories

Privacy Data Breach

Highmark, Inc. faces a proposed class action over a December 2022 data breach that reportedly affected approximately 300,000 individuals.

Want to stay in the loop on class actions that matter to you? Sign up for ClassAction.org’s free weekly newsletter here.

The 21-page lawsuit claims Highmark, a nonprofit healthcare company, failed to take “even the most basic steps” to safeguard consumers’ personal and health information from unauthorized access, resulting in a data breach between December 13 and 15 of last year. According to a February 6 press release from Highmark, the following highly sensitive data was compromised during the incident:

“ … [N]ames, enrollment information such as group name, identification number, claims or treatment information such as claim numbers, dates of service, procedures, prescription information, dates of birth, email addresses, phone numbers, driver’s license number, passport number, as well as in some cases social security numbers and financial information.”

Although Highmark’s online notice says the cyberattack was caused after an employee opened a “malicious phishing email link that led to their email account being compromised,” the lawsuit contends that the root cause of the breach stems from the company’s failure to implement adequate cybersecurity measures.

Moreover, the case says, Highmark’s negligence has exposed consumers to an increased risk of identity theft and fraud. Victims must now spend a significant amount of time, energy and money to protect themselves from such misuse of their information, which is a threat that may persist for years to come, the filing says.

The suit further charges that Highmark failed to provide affected individuals timely notice of the event, as the company has only recently begun informing victims of the cyberattack.

To make matters worse, Highmark failed to heed the warning provided by the FBI in a 2014 notice that said it had “observed malicious actors targeting healthcare related systems, perhaps for the purpose of obtaining the Protected Healthcare Information (PHI) and/or Personally Identifiable Information (PII),” the filing relays.

The lawsuit looks to cover anyone within the United States of America whose protected health information, personally identifiable information and/or financial information was exposed to unauthorized third parties as a result of the data breach announced by Highmark on February 6, 2023.

Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s free weekly newsletter here.

Case Spotlight

Hair Relaxer Lawsuits

Women who developed ovarian or uterine cancer after using hair relaxers such as Dark & Lovely and Motions may now have an opportunity to take legal action.

Read more here: Hair Relaxer Cancer Lawsuits

ClassAction.org Newsletter

Stay Current

Sign Up For
Our Newsletter

New cases and investigations, settlement deadlines, and news straight to your inbox.

This browser does not support PDFs. Please download the PDF to view it: Download PDF.
Open Document
Last Updated on February 27, 2023 — 3:55 PM

Kelly Mehorter

kelly@classaction.org

Kelly works primarily on ClassAction.org’s newswire, reporting on cases as they happen.

About ClassAction.org

ClassAction.org is a group of online professionals (designers, developers and writers) with years of experience in the legal industry.

Learn More

Before commenting, please review our comment policy.