in Newswire Published on March 21, 2023

Reventics Hit with Class Actions Over December 2022 Data Breach [DISMISSED]

Last Updated on October 15, 2024

Henderson v. Reventics, LLC

Filed: March 6, 2023 ◆§ 1:23-cv-00586

Reventics has been hit with at least two class actions over its alleged failure to adequately safeguard certain personal and health information, which resulted in a December 2022 data breach.

Defendant(s)

Reventics, LLC

Law(s)

State(s)

Colorado

October 10, 2024 – Magistrate Judge Dismisses Consolidated Reventics Data Breach Lawsuits

A magistrate judge has dismissed the two proposed class action lawsuits detailed on this page, along with five similar data breach cases with which they had been consolidated.

Want to stay in the loop on class actions that matter to you? Sign up for ClassAction.org’s free weekly newsletter here.

In an 18-page order, U.S. Magistrate Judge Michael E. Hegarty granted a motion to dismiss filed in March 2022 by Reventics and the company that acquired it, Omega Healthcare.

Judge Hegarty determined in the September 30 order that the mere fact that the plaintiffs’ data was compromised in the Reventics data breach wasn’t sufficient grounds for a claim. According to the judge, the plaintiffs needed to allege that their leaked data had been misused in order to establish that they suffered actual, concrete harm fairly traceable to the data breach.

Four plaintiffs did, in fact, claim they experienced fraud or financial loss in the wake of the cyberattack. However, Judge Hegarty ruled that there wasn’t a “substantial likelihood” that these alleged incidents were directly linked to the Reventics data breach.

For instance, one plaintiff claimed she experienced fraudulent charges on her debit card following the data breach, but she never alleged that her debit card account information was leaked in the Reventics incident, and did not allege how the possession of her personal information that was included in the cyberattack would enable someone to access her debit account, the judge determined.

“With these shortcomings, [the plaintiff’s] debit card charges are not fairly traceable to the breach,” Judge Hegarty wrote.

Check out ClassAction.org’s lawsuit list for the latest open class action lawsuits.

Reventics, LLC has been hit with at least two proposed class actions over its alleged failure to adequately safeguard certain personal and health information, which resulted in a “massive and preventable” data breach discovered in December 2022.

Want to stay in the loop on class actions that matter to you? Sign up for ClassAction.org’s free weekly newsletter here.

The lawsuits claim that Reventics, which describes itself as a “clinical documentation improvement and revenue cycle management company,” failed to properly secure the personal and health information of at least 250,918 patients, customers and employees. According to the cases, cybercriminals infiltrated its “inadequately protected” network servers on December 15 and accessed a score of sensitive data.

Although Reventics says it discovered the ransomware attack on December 27, it waited until February 10 to publicly announce that cybercriminals had stolen affected individuals’ full names, dates of birth, Social Security numbers, financial information, healthcare provider’s name and address, health plan name, clinical data, the numeric codes used to identify services received from healthcare providers and descriptions of these codes, one filing claims. Another lawsuit says the breach also exposed consumers’ medical record numbers, patient account numbers, and driver’s license and other government-issued ID numbers.

Before the company directly notified victims of the incident in late February and early March, a February 19 report published by DataBreaches.net announced that the Royal ransomware group had leaked more than 16 GB of files exfiltrated from Reventics’ servers onto their dark web leak site on February 13, one case relays.

“As of this writing, there exist many class members who have no idea their [sensitive personal information] has been compromised, and that they are at significant risk of identity theft and various other forms of personal, social, and financial harm,” the case reads. “The risk will remain for their respective lifetimes.”

The suits allege that Reventics could have prevented the incident had it properly encrypted its computer servers. Per the cases, Reventics’ failure to comply with applicable industry standards to protect consumers’ confidential personal and health information violates the Health Insurance Portability and Accountability Act (HIPAA) and the Federal Trade Commission Act.

“Defendant’s negligence in safeguarding Representative Plaintiff’s and Class Members’ [protected health information/personally identifiable information] is exacerbated by repeated warnings and alerts directed to protecting and securing sensitive data, as evidenced by the trending data breach attacks in recent years,” one case states. “The healthcare industry has experienced a large number of high-profile cyberattacks even in just the short period preceding the filing of this Complaint and cyberattacks, generally, have become increasingly more common.”

The lawsuits look to cover anyone in the United States whose protected health information or personally identifiable information was exposed to unauthorized third parties as a result of the data breach discovered by Reventics in December 2022.

Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s free weekly newsletter here.

Case Spotlight

Hair Relaxer Lawsuits

Women who developed ovarian or uterine cancer after using hair relaxers such as Dark & Lovely and Motions may now have an opportunity to take legal action.

Read more here: Hair Relaxer Cancer Lawsuits

How Do I Join a Class Action Lawsuit?

Did you know there's usually nothing you need to do to join, sign up for, or add your name to new class action lawsuits when they're initially filed?

Read more here: How Do I Join a Class Action Lawsuit?