Health Care Service Corporation Facing Class Action Data Breach Lawsuit
A lawsuit has been filed against the Chicago, IL-based health insurer and Blue Cross Blue Shield licensee, Health Care Service Corporation (HCSC), over a recently disclosed data breach that affected 192,231 of its members.
HCSC experienced a cyberattack on or around June 21, 2023, and determined the threat actors had access to member information such as names, addresses, phone numbers, email addresses, dates of birth, Social Security numbers, claim numbers, bank account numbers, and medical service information. Notification letters were sent to the affected individuals on August 21, 2023.
A lawsuit was recently filed in the Circuit Court of Cook County in Illinois on behalf of plaintiff Elizabeth Slaughter and other similarly situated individuals. The lawsuit alleges HCSC disregarded the rights of the plaintiff and class members by “intentionally, willfully, recklessly, or negligently failing to take and implement adequate and reasonable measures to ensure PHI/PII was safeguarded,” such as encrypting data on its network, and HCSC did not meet its data security obligations under the Health Insurance Portability and Accountability Act (HIPAA).
The plaintiff alleges she was not notified about the data breach until August 24, 2023, more than 2 months after the date of the cyberattack, and that she was unaware that the defendant even had her data until she received the letter in the mail. The plaintiff alleges she has suffered an injury as a result of the data breach in the form of having to spend time and money protecting herself against identity theft and fraud and will have to continue to do so for the foreseeable future. The plaintiff also alleges she has suffered an injury in the form of damages to and diminution in the value of her PHI/PII and says her anxiety has been further exacerbated after discovering her personal data had been uploaded to at least one dark web website.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
The lawsuit alleges negligence, breach of implied contract, breach of the implied covenant of good faith and fair dealing, and unjust enrichment and seeks class-action status, a jury trial, and actual, nominal, and consequential damages. The lawsuit also seeks an order from the court to prevent HCSC from engaging in unlawful activities. The injunctive relief sought includes security measures such as data encryption, regular vulnerability scanning and security checks, and security awareness training for the workforce with testing of employees’ knowledge.
The plaintiff and class members are represented by Kevin Laukaitis of the law firm, Laukaitis Law LLC, and attorney Joseph J. Two.
