Local Class Action Lawsuit Targets Partnership HealthPlan Over ‘Massive Data Breach’ of Personal Info – Lost Coast Outpost

local-class-action-lawsuit-targets-partnership-healthplan-over-‘massive-data-breach’-of-personal-info-–-lost-coast-outpost

Everyone knows !


Ryan Burns /

Friday, May 6
@ 1: 53 p.m. /

Courts

Local Class Action Lawsuit Targets Partnership HealthPlan Over ‘Massive Data Breach’ of Personal Info

Back in March, Partnership HealthPlan of California, a Medi-Cal managed service provider serving close to a million beneficiaries in Northern California, announced on its website that it had been hacked. 

A ransomware group called Hive claimed responsibility, boasting that it had stolen private data for 850,000 Partnership HealthPlan members, including names, social security numbers, dates of birth, addresses and more.

On Thursday, Eureka law firm Janssen Malloy filed a class action lawsuit in Humboldt County Superior Court on behalf of a Partnership HealthPlan member, alleging that the provider failed to adequately store and protect sensitive medical information of enrollees and failed to give proper notice of the data breach.

In a press release issued Friday, the firm invites Partnership patients who are concerned about the breach to reach out.

Here’s that release:

On May 5, 2022, a member of PARTNERSHIP HEALTHPLAN OF CALIFORNIA (“PHC”), a
healthcare coverage provider based in Northern California, filed a class action lawsuit in
Humboldt County Superior Court challenging PHC’s failure to adequately store and protect
sensitive medical information of up to 850,000 enrollees and failing to give notice of the
breach to all impacted enrollees.

When compared to the data reported by the U.S.
Department of Health and Human Services Office of Civil Rights during the last 2 years, this
would be the second largest health plan data breach in the United States during that time.

A copy of the Complaint can be found here.

According to the Complaint, on March 29, 2022, the Hive ransomware group posted a
message declaring the group had been able to access the personal private information of up
to 850,000 patients of PHC on or about March 19, 2022, and had encrypted PHC’s computer
system.

This data included at least the names, addresses and Social Security Numbers of their
patients. The Complaint also alleges that PHC’s negligence in safeguarding the medical
information of Plaintiff and the Class members “was exacerbated by the repeated warnings
and alerts directed to protecting and securing sensitive data, especially in light of the
substantial increase in cyberattacks and/or data breaches in the healthcare and insurance
industries preceding the date of this attack.” This included government reports about Hive
targeting health care companies such as PHC as early as July 2021.

The Complaint further alleges PHC, to date, has failed to provide notice of this breach to
consumers, or even acknowledge this massive data breach occurred. While its operations
were brought to a standstill, PHC’s website for several weeks only had the following message: “We are working diligently with third-party forensic specialists to investigate this disruption,
safely restore full functionality to affected systems, and determine whether any information
may have been potentially accessible as a result of the situation.”

The Complaint alleges violations of the Information Practices Act of 1977 the Confidentiality
of Medical Information Act, Article I, Section 1 of the California Constitution (Invasion of
Privacy), California Business and Professions Code § 17200 et seq. (Unfair and Unlawful
Business Practices), and Declaratory Relief.

According to research published in the online journal Healthcare, health-related data
“are more sensitive than other types of data because any data tampering can lead to
faulty treatment, with fatal and irreversible losses to patients. Hence, healthcare data
need enhanced security, and should be breach-proof.” (Seh AH, et al., Healthcare Data
Breaches: Insights and Implications. Healthcare. 2020; 8(2): 133.)

If you are a patient of PARTNERSHIP HEALTHPLAN OF CALIFORNIA and are concerned about
this breach of your personal data and what your options are, contact Janssen Malloy LLP by
calling toll-free 888-JANSSEN (1-888-526-7736) or (707) 445-2071.

Don't forget that camDown and your neighbors would feel the same.