Health care systems, others hit with class action lawsuits following data breaches

Data breach class action lawsuits overview: 

• Who: Class action lawsuits have recently been filed against John Hopkins University, Enzo Biochem, Enzo Clinical Labs, Harvard Pilgrim Health Care, Point32Health, HPHC Insurance Company, HCA Healthcare and Citi Trends. 
• Why: The complaints were filed in response to data breaches. 
• Where: The class actions affect consumers nationwide. 

A number of class action lawsuits have recently been filed against entities accused of failing to prevent the private data of their customers and/or patients from being compromised during a data breach. 

Individuals behind the complaints argue the companies, which include health care systems and a retail clothing chain, among other things, failed to properly safeguard and secure private data from unauthorized exposure.

John Hopkins data breach caused by negligence, class action says

In July, a pair of individuals filed a class action lawsuit against John Hopkins University and its health system over claims it bears responsibility for a May data breach that allegedly exposed the private data of thousands of its patients, employees and students. 

John Hopkins allegedly breached its duty to protect sensitive Personally Identifiable Information (PII) and, by allegedly allowing the data breach to happen, failed to abide by its own privacy policy, the lawsuit alleges. 

The plaintiffs argue the data breach, which John Hopkins announced June 14, was a “direct and proximate result” of allegedly inadequate data security practices put in place by the university and its health system. 

Private data exposed in the data breach includes patient names, birthdates, Social Security numbers,and addresses, according to the John Hopkins class action, which argues the data has since been posted on the dark web. 

Enzo Biochem failed to safeguard sensitive data of nearly 2.5M individuals, class action says

A consumer filed a class action lawsuit against Enzo Biochem and Enzo Clinical Labs in June over claims the companies failed to adequately safeguard sensitive data belonging to nearly 2.5 million individuals during a recent data breach. 

Enzo Biochem is accused of maintaining PII and Protected Health Information (PHI) stored on its computer system and network in a “negligent and/or reckless manner” that allegedly left it “vulnerable to cyberattacks.” 

The individual behind the complaint argues Enzo Biochem ultimately failed to put safeguards in place required by the Health Insurance Portability and Accountability Act that would have prevented the unauthorized disclosure or use of the private data. 

Enzo Biochem is also accused of waiting almost two months to notify affected individuals about the data breach, allegedly preventing them from being able to take swift action to try and protect their sensitive information. 

Harvard Pilgrim failed to secure sensitive patient data, class action says

Last month, a trio of patients filed a class action lawsuit against Harvard Pilgrim Health Care, Point32Health and HPHC Insurance Company over claims they failed to secure sensitive patient data during an April data breach. 

The class action lawsuit argues the data breach exposed private medical information belonging to more than 2.5 million Harvard Pilgrim patients. 

“Defendants abdicated their obligations and duties to protect sensitive personal information in their possession … and failed to take steps necessary to prevent such an attack,” the Harvard Pilgrim class action states. 

Harvard Pilgrim and the other companies have also been accused of failing to fully inform patients affected by the data breach of the amount of personal information that was stolen during the cyberattack. 

HCA Healthcare failed to properly safeguard, secure patient data, class action says

In July, a pair of individuals filed a class action lawsuit against HCA Healthcare, arguing the company failed to properly safeguard and secure its patients’ private information during a data breach discovered last month. 

HCA is accused of betraying the trust of its patients by allegedly allowing their PII and PHI to be disclosed to individuals who were not authorized to see it. 

“The disclosure of the PHI and PII at issue was a result of the Defendants’ inadequate safety and security protocols governing PHI and PII,” the HCA class action states. 

Information exposed in the data breach included patient names, addresses, birthdates, genders and appointment dates, among other things, according to the HCA class action. 

Citi Trends left employee data vulnerable by failing to encrypt, redact it, class action says

An individual filed a class action lawsuit against Citi Trends last month, arguing the retail clothing chain left the PII of its current and former employees vulnerable to being exposed in a data breach by allegedly failing to encrypt or redact it. 

The individual behind the complaint claims Citi Trends disclosed that it suffered a January data breach in a June notice the company sent to impacted current and former employees. 

Information exposed during the data breach included full employee names, birthdates, bank account information and Social Security numbers, according to the Citi Trends class action. 

Have you been impacted by a recent data breach? Let us know in the comments. 

Read About More Class Action Lawsuits & Class Action Settlements:

• Rite Aid data breach compromises customer information
• Roblox data breach exposes developer profiles
• Colorado State University affected by MOVEit cyberattack
• Citywide Home Loans data breach $1.2M class action settlement