Ernest Health class action lawsuit overview:
- Who: Plaintiff Renita James filed a class action lawsuit against Ernest Health Inc.
- Why: Ernest Health allegedly failed to encrypt or redact patients’ sensitive information, leaving it vulnerable to a January cyberattack.
- Where: The Ernest Health data breach class action lawsuit was filed in Texas federal court.
Ernest Health Inc.’s failure to properly safeguard sensitive patient information left it vulnerable to cybercriminals who allegedly accessed its network in January, according to a new Ernest Health class action lawsuit.
Plaintiff Renita James says she received a letter notifying her about the Ernest Health data breach around March 29. The letter reportedly informed her that Ernest Health learned about the cybersecurity incident on Feb. 1 and determined that an unauthorized third party accessed its IT network from Jan. 16 through Feb. 4.
The unauthorized party allegedly accessed and exfiltrated current and former patients’ personal information, including Social Security numbers, the Ernest Health class action lawsuit claims.
James says the Ernest Health data breach was the result of three failures: failure to adequately protect patients’ sensitive data, failure to warn patients about its inadequate information security practices and failure to effectively safeguard hardware containing sensitive data.
She says patients and employees are required to provide Ernest Health with sensitive data, which Ernest Health had a legal duty to protect.
Ernest Health data breach harm to victims was preventable, plaintiff says
Ernest Health failed to encrypt or redact patients’ highly sensitive information, leaving it vulnerable to hackers, James says. She says the healthcare provider “intentionally, willfully, recklessly or negligently” failed to maintain adequate security measures to safeguard this information despite its obligations to protect its patents’ information from unauthorized access.
James points to several recent high-profile cybersecurity incidents targeting other healthcare companies to show Ernest Health should have known that cybercriminals would attempt to hack its systems. She says personal information can be sold for $40 to $200, and information sets from data breaches can be sold for $900 to $4,500.
Social Security numbers are particularly valuable to cybercriminals because they can be used to commit identity theft and extensive financial fraud, according to the Ernest Health class action lawsuit.
She claims the Ernest Health data breach will pose a “present and continuing risk” for the putative class members’ respective lifetimes.
The Ernest Health class action lawsuit asserts claims for negligence per se, invasion of privacy, unjust enrichment and breach of implied contract.
Change Healthcare was recently hit with a data breach class action lawsuit alleging it failed to prevent a cyberattack that exposed patients’ personally identifiable and protected health information.
Were you affected by the Ernest Health data breach? Tell us about your experience in the comments.
James is represented by Bruce W. Steckler of Steckler Wayne & Love PLLC and Bryan L. Bleichner and Philip J. Krzeski of Chestnut Cambronne PA.
The Ernest Health data breach class action lawsuit is Renita James v. Ernest Health Inc., Case No. 5:24-cv-00095, in the U.S. District Court for the Northern District of Texas, Lubbock Division.
Don’t Miss Out!
Check out our list of Class Action Lawsuits and Class Action Settlements you may qualify to join!
Read About More Class Action Lawsuits & Class Action Settlements:
One thought on Ernest Health class action claims data breach was preventable
Add me please