Lamoille Health Partners data breach class action alleges provider negligence

Top Class Actions’s website and social media posts use affiliate links. If you make a purchase using such links, we may receive a commission, but it will not result in any additional charges to you. Please review our Affiliate Link Disclosure for more information.

Lamoille Health Partners data breach overview: 

• Who: A patient of Vermont’s Lamoille Health Partners is suing the healthcare provider. 
• Why: The plaintiff says the provider was negligent with patient data, resulting in a cyberattack.
• Where: The class action was filed in a Vermont federal court.

A Vermont healthcare provider allowed highly-sensitive patient information to fall into the hands of cybercriminals through its relaxed data security policies, a new class action lawsuit alleges. 

Plaintiff Patricia Marshall filed the class action lawsuit against Lamoille Health Partners, Inc (LHP) Sept. 1 in a Vermont federal court, alleging violations of federal laws.

According to the lawsuit, LHP, an integrated healthcare provider in Vermont, allowed a third party to access its computer systems and data earlier this year, resulting in the compromise of “highly sensitive personal information” belonging to thousands of current and former patients.

Marshall says more than 59,000 patients fell victim to the cyberattack, suffering out-of-pocket expenses, emotional distress, lost time and the risk of future harm due to the breach.

“Defendant maintained the Private Information in a reckless manner,” the lawsuit states. 

“In particular, the Private Information was maintained on Defendant’s computer system and network in a condition vulnerable to a cyberattack.” 

LHP took weeks to advise patients about breach, lawsuit alleges

According to the lawsuit, LHP suffered a ransomware attack on June 13, 2022. However, after discovering the breach, it took nearly three weeks to notify state Attorneys Generals and patients about it. 

The information compromised in the data breach included names, addresses, dates of birth, Social Security numbers, patient identification numbers, account numbers, financial information, health insurance information, medical information, and other protected health information, the lawsuit states.

People’s private information is now at risk, and data thieves could now use it to commit a range of crimes including taking out loans in class members’ names, it says.

Marshall is looking to represent anyone who’s private information was breached. She’s suing for negligence, breach of contract, breach of fiduciary duty and unjust enrichment. 

Marshall is seeking certification of the class action, compensatory damages,reimbursement of out-of-pocket costs, and injunctive relief including improvements to LHP’s data security systems, future annual audits, and adequate credit monitoring services.

Meanwhile, another recent class action lawsuit alleges that KeyBank caused, facilitated and exacerbated a July data breach by having “insufficient and unreasonable data security practices.” 

Are you affected by the Lamoille Health Partners data breach? Let us know your thoughts in the comments. 

The plaintiff is represented by Gravel & Shea PC, Milberg Coleman Bryson Phillips Grossman PLLC and Markovits, Stock & Demarco LLC.

The Lamoille class action lawsuit is Patricia Marshall v. Lamoille Health Partners Inc., Case No. 2:22-cv-00166-wks in the U.S. District Court for the District of Vermont.

Read About More Class Action Lawsuits & Class Action Settlements:

• LastPass data breach leads to theft of source code, proprietary technical information
• DoorDash data breach exposes customers’ personal, financial information
• Top mobile carriers including Verizon, AT&T, T-Mobile share data privacy practices
• Applebees, Chipotle, other restaurants face class action alleging automated voice ordering technology data privacy violations