Independent Living Systems to Blame for Data Breach Affecting 4M People, Class Action Says

New to ClassAction.org? Read our Newswire Disclaimer

Independent Living Systems faces another class action lawsuit that claims the health services company failed to protect current and former patients’ personal information from a “foreseeable” data breach in July 2022.

Want to stay in the loop on class actions that matter to you? Sign up for ClassAction.org’s free weekly newsletter here.

The 53-page lawsuit says that after finding certain computer systems inaccessible on July 5, the company launched an investigation that subsequently revealed a hacker had gained entry to the network between June 30 and July 5. The suit relays that the private data of around 4,226,508 people was compromised in the breach, including, but not limited to, patients’ names, dates of birth, Medicare and Medicaid identification details and other health information.

Per the case, Independent Living Systems (ILS)—which partners with health insurance companies, hospitals and community organizations to provide healthcare services—failed to use adequate cybersecurity measures to safeguard patients’ sensitive information. The private data was allegedly stored unencrypted in the defendant’s servers and therefore left in a “dangerous” condition “vulnerable to cyberattack,” the complaint contends.

What’s more, the filing also takes issue with ILS’s delayed notification of victims of the ransomware attack. Though the company purports to have first discovered unusual activity on its computer systems in July 2022, notices were not issued to those affected until mid-March 2023, the lawsuit shares.

The suit argues that this eight-month delay did nothing but “prevent[] early mitigation efforts and compound[] the harm” done to victims of the breach.

ILS should have been well aware of the threat of cyberattacks given the prevalence of such data breaches in the medical industry, the case charges. However, as the complaint tells it, the company has “done little” to make amends or provide relief to victims.

The plaintiff, a South Carolina resident, received notice on March 10 of this year that her personal information had been compromised in the breach, the filing states. Like other victims, the woman now faces an increased risk of medical fraud, identity theft, data intrusion, phishing schemes and other illegal activity as a result of ILS’s actions, the suit contends.

The lawsuit looks to represent anyone whose personal information was compromised as a result of the ILS data breach.

Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s free weekly newsletter here.