in Newswire Published on April 28, 2020

Personal Touch, Crossroads Technologies Facing Class Action Over 2019 Ransomware Attack [UPDATE]

by Corrado Rizzi

Last Updated on October 13, 2020

View Comments

Booker v. Personal Touch Holding Corp., et al.

Filed: April 22, 2020 § 5:20-cv-01989

Read Complaint

A class action looks to cover Personal Touch patients and caregivers whose data was improperly accessed during a Dec. 2019 Crossroads Technologies ransomware attack.

Defendant(s)

Personal Touch Holding Corp. Crossroads Technologies, Inc.

Law(s)

State(s)

Pennsylvania

Categories

Privacy Data Breach

Case Updates

October 13, 2020 – Lawsuit Voluntarily Dismissed by Plaintiff

The proposed class action detailed on this page was voluntarily dismissed by the plaintiff on May 15, 2020. The plaintiff’s notice of voluntary dismissal without prejudice can be found here.

A proposed class action lawsuit looks to represent more than 150,000 Personal Touch home healthcare patients and caregivers whose data was improperly accessed during a ransomware attack on Crossroads Technologies’ cloud-based data center last year. 

According to the 48-page lawsuit, Crossroads informed Personal Touch on December 1, 2019 that it was hit by a ransomware attack that essentially held hostage electronic records containing confidential patient medical data, making such inaccessible until a fee was paid. In all, the case says, the personal information of 156,409 patients and caregivers across six states was impacted, and medical care and treatment were disrupted given Personal Touch’s record system was offline. 

The suit says the data compromised in the incident included patient names, addresses, telephone numbers, birth dates, health insurance card numbers, plan benefit details, Social Security numbers and treatment information. Despite being made aware of the incident on December 1, 2019, Personal Touch did not send notification to affected patients and caregivers until January 28, 2020, the lawsuit notes.

As the case tells it, the defendants maintained proposed class members’ information in a reckless manner and in a condition on a cloud storage network vulnerable to ransomware attacks and data breaches. The complaint charges that the Personal Touch ransomware attack was the result of “computer systems in dire need of security upgrading,” as well as inadequate procedures for handling potentially dangerous emails, and insufficient employee training to be vigilant against bad actors and cyber thieves. For its part, Crossroads, the case claims, failed to properly monitor the computer systems and network containing Personal Touch patient and caregiver data.

“Had Crossroads properly monitored its property, it would have discovered the intrusion sooner,” according to the lawsuit.

In addition to having their daily lives and medical treatment disrupted by the cyber incident, proposed class members now face a heightened risk of identity theft and fraud as a result of the defendants’ negligent conduct, the lawsuit claims. Additionally, proposed class members may incur out-of-pocket costs related to monitoring their financial accounts and identities and other protective measures.

This browser does not support PDFs. Please download the PDF to view it: Download PDF.
Open Document
Last Updated on October 13, 2020 — 3:28 PM

Corrado Rizzi

corrado@classaction.org

Corrado Rizzi is the Senior Managing Editor of ClassAction.org.

About ClassAction.org

ClassAction.org is a group of online professionals (designers, developers and writers) with years of experience in the legal industry.

Learn More

Before commenting, please review our comment policy.