Logan Health Facing Class Action Over February 2022 Data Breach

New to ClassAction.org? Read our Newswire Disclaimer

Logan Health, a Kalispell, Montana medical center, faces a proposed class action over a February 2022 data breach that reportedly compromised the personal and health information of 213,545 individuals.

The 21-page case out in Montana district court claims that the breach was a direct result of Logan Health’s apparent failure to implement adequate data security procedures. According to the suit, the information that may have been compromised includes patients’ names, addresses, medical record numbers, dates of birth, telephone numbers, email addresses, diagnosis and treatment codes, dates of service, treating/referring physicians, medical bill account numbers, health insurance information and Social Security numbers.

The lawsuit alleges that Logan Health “acted in reckless disregard” of patients’ privacy rights and has caused the individuals to incur “actual damages,” including “an increased and imminent risk” of fraud and identity theft, damages resulting from fraud and identity theft, time and expenses related to monitoring their accounts, the lost value of their personal information and “other economic and non-economic harm.”

Per the suit, Logan Health reported in February 2022 that it had experienced a data breach on November 18, 2021. The lawsuit says the medical center discovered on November 22 “suspicious activity” involving a file server containing patients’ personal information, and later reported that a “malicious actor” had gained access its system.

The suit stresses that this isn’t the first time Logan Health has experienced a data breach and notes that the medical center previously reported a January 2021 data breach that affected more than 2,000 Montanans and a 2019 data breach under its previous name, Kalispell Regional Healthcare, that affected 126,805 of the state’s residents.

The lawsuit argues that the consequences of Logan Health’s failure to properly secure patient information are “long lasting and severe.” Per the suit, the defendant’s offer of 12 months of identity theft protection services is inadequate to protect patients from the unauthorized use of their information.

“A free credit report and the ability to freeze their accounts is not only a right that every citizen enjoys, it is grossly inadequate to protect the Plaintiff and Class members from the threats they face resulting from the [personally identifiable information/protected health information] that was exposed,” the complaint states, arguing that free credit monitoring “has very little value as a preventative measure.”

The case looks to represent anyone whose sensitive personal information was compromised as a result of the breach of Logan Health’s electronic information systems.

Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s newsletter here.