in Newswire Published on October 18, 2022

NorthStar Healthcare Consulting Responsible for 2022 Data Breach, Class Action Alleges

by Kelly Mehorter

Last Updated on August 15, 2024

View Comments

Emery v. NorthStar Healthcare Consulting, LLC

Filed: October 13, 2022 § 1:22-cv-04094-ELR

Read Complaint

A class action claims that NorthStar Healthcare Consulting failed to prevent a data breach in 2022, compromising the sensitive data of 18,354 customers.

Defendant(s)

NorthStar Healthcare Consulting, LLC

Law(s)

State(s)

Georgia

Categories

Medical/Health Privacy Data Breach

NorthStar Healthcare Consulting has been hit with a proposed class action that claims the firm failed to prevent a “foreseeable” data breach in 2022, compromising the health and personally identifiable information of approximately 18,354 customers.

Want to stay in the loop on class actions that matter to you? Sign up for ClassAction.org’s free weekly newsletter here.

The 59-page case alleges NorthStar failed to implement adequate cybersecurity measures to safeguard customers’ sensitive data, resulting in a data breach the firm says it detected on April 20 of this year. The filing argues that due to NorthStar’s negligence, cybercriminals were able to obtain customers’ full names, mailing addresses, dates of birth, Medicaid identification numbers, medication and prescriber names, and appeal numbers.

Further, although NorthStar, an associate of Optum Rx, who provides pharmacy benefit management services to the Georgia Department of Community Health, Medical Assistance Plans Division, concluded its review of the attack on July 15, the company waited five months before alerting affected individuals on September 8, 2022, the case relays. The lawsuit states that the letter sent by NorthStar provided only “basic details” about the data breach and failed to mention what steps the company intends to take to prevent future attacks.

According to the complaint, NorthStar’s alleged misconduct is “grossly negligent” due to the foreseeable nature of ransomware attacks, particularly in the healthcare industry. The case asserts that within the past two years, there has been a significant spike in healthcare data breaches, with large companies like Universal Health ServicesScripps Health, and UC San Diego Health as targets.

“Due to the high-profile nature of these breaches, and other breaches of its kind, Defendant was and/or certainly should have been on notice and aware of such attacks occurring in the healthcare industry and, therefore, should have assumed and adequately performed the duty of preparing for such an imminent attack. This is especially true given that Defendant is a large, sophisticated operation with the resources to put adequate data security protocols in place.”

As the case tells it, NorthStar’s failure to properly secure or encrypt the information stored in its network violates Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security rules, which establish a minimum standard for the protection of medical records and personal health information. Additionally, NorthStar failed to comply with the minimum industry standards for cybersecurity and the Federal Trade Commission Act, the suit alleges.

NorthStar Healthcare Consulting data breach victims face “long-lasting and severe” ramifications as they face an “omnipresent threat” of identity theft or fraud, the filing argues. The complaint also relays that preventing and recovering from the unauthorized use of financial, medical or personal information often comes with a hefty, out-of-pocket price tag.

The lawsuit looks to cover anyone in the United States whose protected health information, personally identifiable information, and/or financial information was exposed to unauthorized third parties as a result of the data breach discovered by NorthStar on April 20, 2022.

Are you owed unclaimed settlement money? Check out our class action rebates page full of open class action settlements.

Case Spotlight

Video Game Addiction Lawsuits

If your child suffers from video game addiction — including Fortnite addiction or Roblox addiction — you may be able to take legal action. Gamers 18 to 22 may also qualify.

Learn more:Video Game Addiction Lawsuit

Depo-Provera Lawsuits

Anyone who received Depo-Provera or Depo-Provera SubQ injections and has been diagnosed with meningioma, a type of brain tumor, may be able to take legal action.

Read more: Depo-Provera Lawsuit

How Do I Join a Class Action Lawsuit?

Did you know there's usually nothing you need to do to join, sign up for, or add your name to new class action lawsuits when they're initially filed?

Read more here: How Do I Join a Class Action Lawsuit?

ClassAction.org Newsletter

Stay Current

Sign Up For
Our Newsletter

New cases and investigations, settlement deadlines, and news straight to your inbox.

This browser does not support PDFs. Please download the PDF to view it: Download PDF.
Open Document
Last Updated on August 15, 2024 — 3:06 PM

Kelly Mehorter

kelly@classaction.org

Kelly works primarily on ClassAction.org’s newswire, reporting on cases as they happen.

About ClassAction.org

ClassAction.org is a group of online professionals (designers, developers and writers) with years of experience in the legal industry.

Learn More

Before commenting, please review our comment policy.