SouthCoast Health Data Breach Lawsuit Filed Over 2023 Cyberattack

New to ClassAction.org? Read our Newswire Disclaimer

SouthCoast Medical Group faces a proposed class action lawsuit that claims it failed to protect patients’ sensitive personal information from unauthorized disclosure as the healthcare provider suffered a June 2023 data breach that allegedly impacted roughly 32,000 current and former patients. 

Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s free weekly newsletter here. 

The 85-page SouthCoast Health data breach lawsuit says the information compromised in the incident, which SouthCoast announced on or around July 3, 2024, included patient names; Social Security, driver’s license, passport, license plate, state ID, military ID and taxpayer ID numbers; copies of birth and marriage certificates; mothers’ maiden names; emails/usernames and passwords; financial account details; treatment and health insurance information; and security questions and answers, among other protected information. 

According to the data breach lawsuit, SouthCoast patients’ information was exposed to and exfiltrated by cyber criminals as a result of the healthcare network’s failure to maintain reasonable, industry-standard cybersecurity safeguards. The complaint contends that SouthCoast, which operates a network of 120 physicians and medical professionals, was targeted for a cyberattack due to its status as a healthcare entity in possession of reams of highly valuable consumer information. 

“As a result of the Data Breach, Plaintiff and Class Members have been exposed to a heightened and imminent risk of fraud and identity theft. Plaintiff and Class Members must now and in the future closely monitor their financial accounts to guard against identity theft,” the case says. 

According to an early-July SouthCoast data breach notice letter, the company became aware on June 18 of last year that unauthorized activity had occurred within its network. A subsequent investigation determined that an unauthorized actor had accessed the SouthCoast network between June 15 and June 18, 2023, and viewed or copied certain files kept within the system, the notice states. 

The filing points out that the SouthCoast notice does not include details of the root cause of the data breach, the vulnerabilities that were exploited, or the measures taken to ensure such a cyberattack does not happen again. 

“Without these details, Plaintiff’s and Class Members’ ability to mitigate the harms resulting from the Data Breach is severely diminished,” the suit stresses. 

The plaintiff believes that the patient data stolen from SouthCoast Health has been sold on the dark web in the wake of the incident. 

The SouthCoast Health data breach class action looks to cover all United States residents whose private information was accessed and/or acquired by an unauthorized party as a result of the data breach reported by SouthCoast in July 2024. 

Are you owed unclaimed settlement money? Check out our class action rebates page full of open class action settlements.