in Newswire Published on April 21, 2020

Magellan Health, Rx Management Face Class Action Over May 2019 Data Breach

Last Updated on September 24, 2024

Dearing v. Magellan Health Inc. et al.

Filed: April 17, 2020 ◆§ 2:20-cv-00747-SPL

A lawsuit was filed over a data breach that reportedly affected thousands of participants in healthcare programs managed by Magellan Health and Magellan Rx Management.

Defendant(s)

Magellan Health Inc. Magellan Rx Management, LLC

Law(s)

State(s)

Arizona

Categories

Medical/Health Privacy Data Breach

Magellan Health Inc. and Magellan Rx Management, LLC are on the receiving end of a proposed class action filed over a data breach that reportedly affected “tens of thousands” of participants in healthcare programs managed by the companies.

Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s free weekly newsletter here.

The data breach lawsuit explains that Magellan provides pharmaceutical benefits management services to a number of healthcare providers, including Tennesee’s TennCare, Florida Blue, Independent Health, Emblem, Alliant Health Plans, ConnectiCare Inc., and Horizon BCBS NJ. According to the lawsuit, at least two Magellan employees’ email accounts were accessed in a phishing scam in May 2019 that exposed the personal and medical data of potentially thousands of healthcare plan participants, including 44,000 individuals who participate in TennCare, Tennessee’s state-sponsored Medicaid program.

Among the allegedly exposed information were patients’ names, Social Security numbers, member IDs, health plans, provider names, and the names of medications they’ve been prescribed.

The lawsuit claims the breach was a “direct result” of the defendants’ inadequate cybersecurity procedures and protocols. According to the case, the defendants “chose to ignore” an abundance of cybersecurity safeguards available within the healthcare industry.

“These best practices were known, or should have been known by Magellan, whose failure to heed and properly implement them directly led to the Data Breach and the unlawful exposure of [protected health and personally identifiable information],” the complaint claims.

Further, the suit relays that Magellan “inexplicably” waited more than four months to notify affected patients after discovering the breach in July 2019. The plaintiff claims she and other TennCare participants were first made privy to the incident on November 8, 2019, when Magellan stated in a notice that their personally identifiable information and other protected health information may have been compromised. According to the case, Magellan later revealed that other healthcare plan providers were also affected by the breach, though the companies have reportedly refused to disclose the total number of victims.

The case claims the damages caused by the defendants’ failure to protect patients’ sensitive information are “long lasting and severe,” and that the companies’ offer of one year of free identity monitoring services to a “subset of affected patients” is “wholly inadequate” given affected individuals will be exposed to a heightened risk of identity theft and fraud for “multiple years.”

The plaintiff looks to represent anyone whose personally identifiable information was compromised as a result of the data breach announced by Magellan in November 2019.

Want to learn how to start a class action lawsuit? We’ve got you covered.

Case Spotlight

Hair Relaxer Lawsuits

Women who developed ovarian or uterine cancer after using hair relaxers such as Dark & Lovely and Motions may now have an opportunity to take legal action.

Read more here: Hair Relaxer Cancer Lawsuits

How Do I Join a Class Action Lawsuit?

Did you know there's usually nothing you need to do to join, sign up for, or add your name to new class action lawsuits when they're initially filed?

Read more here: How Do I Join a Class Action Lawsuit?