Lead plaintiffs in the class action say that they have experienced suspicious activity after the data breach, which reportedly affected the personal information of 36,000 patients.
The data breach was announced last month by law firm Charles Hilton & Associates, who said that hackers had accessed the law firm’s employee email accounts between April and June of last year, according to a statement posted by UPMC. Upon investigation, discovered that “a number of CJH email accounts had been logged into by hackers” and that “some of UPMC’s patient information may have been accessed in this breach.”
The hospital’s statement about the data breach noted that a litany of information had been exposed in the breach, “including Social Security numbers, dates of birth, bank or financial account numbers, driver’s license or state identification card numbers, electronic signatures, medical record numbers, patient account numbers, patient control numbers, visit numbers, trip numbers, Medicare or Medicaid identification numbers, individual health insurance or subscriber numbers, group health insurance or subscriber numbers, medical benefits and entitlement information, disability access and accommodation, and information related to occupational-health, diagnosis, symptoms, treatment, prescription or medications, drug tests, billing or claims, and/or disability.”
In its statement, the hospital says that there is no evidence that the data, some of which may be protected health information covered by the Health Insurance Portability and Accountability Act (HIPAA), has been misused.
The lead plaintiffs contend that there is ample evidence of misuse.
Lead plaintiff Vince Ranalli told local reporters he was sent a letter from a bank about an unauthorized account that had been opened in his name.
“They said whoever had done this had gotten everything from me. They opened it with my Social Security number, my driver’s license, my address. They pretty much had all of my personal information,” Ranalli told Action 4 News.
Ranalli also told reporters that his father had also been affected by the hospital data breach, receiving multiple unwanted credit cards.
“Both the bank and law enforcement made that connection in some way,” Ranalli told reporters of the unauthorized bank account he experienced, as well as the credit cards his father did not apply for.
Neither UPMC nor the law firm has commented on the class action lawsuit, which is seeking damages based on charges of negligence and invasion of privacy among others.
“We’re seeking to curtail the problem, identify all the people affected, recover monies for them to the extent they’re entitled and to protect their information,” the lawyer representing the plaintiffs told Action 4 News.
Was your personal information exposed in this or another hospital data breach? Have you experienced identity theft or fraud you think is linked to the hack? Tell us about it below.
The lead plaintiffs are represented by Joshua Ward.
Read About More Class Action Lawsuits & Class Action Settlements:
5 thoughts on36K Patients Exposed in UPMC Data Breach, Claims Class Action Lawsuit
I had a woman contact me from Pittsburgh said my name & number she got out of her book at work ,
Besides unwanted credit cards , emails asking for my correct address or to pickup packages at FedEx and UPS, I had another branch of my bank send into my account almost $1,500.00 from someone with the same name as mine just so tired of all the scams & spams I keep getting , to much harassment in forms of calls , texts , and Gmail’s even about my S.S card numbers being effected.please help thank you 🙏🏾
I hope they didn’t get my Information
I was hospitalized in 2020 at upmc shadyside for a procedure done.
Same thing. Accounys opened with td bank…
They have all my information right down to my hemorrhoids. Please add me.