Share this article on:
University of Pittsburgh Medical Center (UPMC) and the law firm Charles Hilton and Associates are facing a class action lawsuit over a breach of the protected health information of 36,000 UPMC patients.
Charles Hilton and Associates, which handles collections for UPMC, announced that hackers had gained access to the email accounts of some of its employees between April and June 2020. The investigation revealed the compromised accounts contained the protected health information of UPMC patients, some of which was potentially viewed or obtained by the attackers.
The accounts contained a wide range of data including names, dates of birth, Social Security numbers, bank account information, driver’s licenses, health insurance information, and state ID card numbers. UPMC stated in its breach notice that no reports had been received to suggest information in the compromised accounts had been misused; however, the lawsuit alleges the plaintiffs’ personal and protected health information was obtained and used to open accounts in their names.
Lead plaintiff, Vince Ranalli, received a letter from his bank weeks after the breach informing him that an unauthorized account had been opened in his name. “They opened it with my Social Security number, my driver’s license, my address. They pretty much had all of my personal information,” said Ranalli in an interview with Action 4 News. He also said his father, who had also been affected by the breach, had received multiple credit cards that he had not applied for.
The lawsuit accuses UPMC and Charles Hilton and Associates of negligence for failing to secure the personal and protected health information of patients, invasion of privacy, and other violations. The lawsuit was filed by Joshua P. Ward of J.P. Ward & Associates, who said in a statement, “We’re seeking to curtail the problem, identify all the people affected, recover monies for them to the extent they’re entitled and to protect their information.”