Mena Regional Facing Class Action Over Data Breach Affecting Nearly 85K Patients
Cant et al. v. Mena Regional Health System et al.
Filed: February 15, 2023 ◆§ 2:23-cv-02027-PKH
A class action lawsuit alleges the inadequate cybersecurity practices of Mena Regional Health System and an unidentified insurance carrier are to blame for a data breach purportedly discovered in November 2022.
A proposed class action lawsuit alleges the inadequate cybersecurity practices of Mena Regional Health System and an unidentified insurance carrier are to blame for a data breach purportedly discovered in November 2022.
Want to stay in the loop on class actions that matter to you? Sign up for ClassAction.org’s free weekly newsletter here.
The 28-page lawsuit says that the Arkansas- and Oklahoma-based healthcare organization, who does business as Mena Regional Hospital Commission, learned on November 8 of last year that its network had been hacked and that a third-party had removed sensitive patient information almost a year earlier, in late October 2021.
Per the suit, the cyberattack compromised the personal information of almost 85,000 patients. Data compromised in the incident included, but was not limited to, patients’ names, dates of birth, Social Security numbers, driver’s license and government identification numbers, financial account information, patient account numbers, medical diagnoses and treatment details, medical provider names, lab results, prescription details and health insurance specifics.
The case contends that the data breach occurred as a direct result of Mena Regional’s “negligent” failure to take basic cybersecurity precautions to safeguard patients’ personally identifiable information (PII) and protected health information (PHI) in its network.
According to the complaint, the defendant had a legal obligation under the Health Insurance Portability and Accountability Act (HIPAA) to protect the personal and medical data stored in its system, and Mena Regional should have understood that the vast quantity of valuable information it retained would make it a “prime target” for cybercriminals.
“Mena Regional was well aware [sic] that the PHI and PII it collects is highly sensitive and of significant value to those who would use it for wrongful purposes,” the filing reads.
The plaintiffs, both Arkansas residents and former patients, received notices from Mena Regional in late November 2022 informing them that their personal information had been compromised in the data breach, the suit relays. Like other victims, the plaintiffs must now deal with a substantially increased risk of illegal activity, such as identity theft and medical fraud, as a result of the exposure of their data to cybercriminals, the case claims.
The lawsuit looks to represent anyone whose personal and/or medical information was compromised in the data breach announced by Mena Regional on November 22, 2022.
Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s free weekly newsletter here.
Hair Relaxer Lawsuits
Women who developed ovarian or uterine cancer after using hair relaxers such as Dark & Lovely and Motions may now have an opportunity to take legal action.
Read more here: Hair Relaxer Cancer Lawsuits
How Do I Join a Class Action Lawsuit?
Did you know there's usually nothing you need to do to join, sign up for, or add your name to new class action lawsuits when they're initially filed?
Read more here: How Do I Join a Class Action Lawsuit?
Stay Current
Sign Up For
Our Newsletter
New cases and investigations, settlement deadlines, and news straight to your inbox.
Before commenting, please review our comment policy.