NorthStar Healthcare Consulting Responsible for 2022 Data Breach, Class Action Alleges
Emery v. NorthStar Healthcare Consulting, LLC
Filed: October 13, 2022 ◆§ 1:22-cv-04094-ELR
A class action claims that NorthStar Healthcare Consulting failed to prevent a data breach in 2022, compromising the sensitive data of 18,354 customers.
NorthStar Healthcare Consulting has been hit with a proposed class action that claims the firm failed to prevent a “foreseeable” data breach in 2022, compromising the health and personally identifiable information of approximately 18,354 customers.
The 59-page case alleges NorthStar failed to implement adequate cybersecurity measures to safeguard customers’ sensitive data, resulting in a data breach the firm says it detected on April 20 of this year. The filing argues that due to NorthStar’s negligence, cybercriminals were able to obtain customers’ full names, mailing addresses, dates of birth, Medicaid identification numbers, medication and prescriber names, and appeal numbers.
Further, although NorthStar, an associate of Optum Rx, who provides pharmacy benefit management services to the Georgia Department of Community Health, Medical Assistance Plans Division, concluded its review of the attack on July 15, the company waited five months before alerting affected individuals on September 8, 2022, the case relays. The lawsuit states that the letter sent by NorthStar provided only “basic details” about the data breach and failed to mention what steps the company intends to take to prevent future attacks.
According to the complaint, NorthStar’s alleged misconduct is “grossly negligent” due to the foreseeable nature of ransomware attacks, particularly in the healthcare industry. The case asserts that within the past two years, there has been a significant spike in healthcare data breaches, with large companies like Universal Health Services, Scripps Health, and UC San Diego Health as targets.
“Due to the high-profile nature of these breaches, and other breaches of its kind, Defendant was and/or certainly should have been on notice and aware of such attacks occurring in the healthcare industry and, therefore, should have assumed and adequately performed the duty of preparing for such an imminent attack. This is especially true given that Defendant is a large, sophisticated operation with the resources to put adequate data security protocols in place.”
As the case tells it, NorthStar’s failure to properly secure or encrypt the information stored in its network violates Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security rules, which establish a minimum standard for the protection of medical records and personal health information. Additionally, NorthStar failed to comply with the minimum industry standards for cybersecurity and the Federal Trade Commission Act, the suit alleges.
NorthStar Healthcare Consulting data breach victims face “long-lasting and severe” ramifications as they face an “omnipresent threat” of identity theft or fraud, the filing argues. The complaint also relays that preventing and recovering from the unauthorized use of financial, medical or personal information often comes with a hefty, out-of-pocket price tag.
The lawsuit looks to cover anyone in the United States whose protected health information, personally identifiable information, and/or financial information was exposed to unauthorized third parties as a result of the data breach discovered by NorthStar on April 20, 2022.
Want to stay in the loop on class actions that matter to you? Sign up for ClassAction.org’s free weekly newsletter here.
Hair Relaxer Lawsuits
Women who developed ovarian or uterine cancer after using hair relaxers such as Dark & Lovely and Motions may now have an opportunity to take legal action.
Read more here: Hair Relaxer Cancer Lawsuits
Stay Current
Sign Up For
Our Newsletter
New cases and investigations, settlement deadlines, and news straight to your inbox.
Before commenting, please review our comment policy.