A proposed class action claims Gateway Rehabilitation Center failed to prevent a “massive and foreseeable” data breach in 2022 that compromised the personal and health information of at least 130,000 patients.
The 55-page case alleges that Gateway Rehab, which provides drug rehabilitation, treatment, follow-up care, emotional support and addiction recovery services at facilities nationwide, claimed to have discovered on June 13 of this year that cybercriminals infiltrated its networks. The intrusion was allegedly a result of the company’s failure to implement adequate cybersecurity measures.
Want to stay in the loop on class actions that matter to you? Sign up for ClassAction.org’s free weekly newsletter here,
Per the suit, “an undoubtedly nefarious third party” now has access to consumers’ names; dates of birth; driver’s license or state ID numbers; financial account details; payment card numbers; health conditions; healthcare plan member identification numbers; healthcare plan names; addresses and demographic information.
According to the complaint, Gateway Rehab waited five months before notifying data breach victims on November 18. The notice lacked critical details about the incident, such as when or for how long the cyberattack occurred and what particular data was stolen, the filing says.
“Class Members are, thus, left to speculate as to where their [protected health information/personally identifiable information] ended up, who has used it and for what potentially nefarious purposes,” the case reads. “Indeed, they are left to further speculate as to the full impact of the Data Breach and how exactly Defendant intends to enhance its information security systems and monitoring capabilities so as to prevent further breaches.”
Individuals affected by the Gateway Rehab data breach now face a significant, lifelong risk of identity theft, and must pay out-of-pocket expenses associated with the fraudulent use of their personal information, the case contends.
The suit charges that Gateway Rehab has violated the federal Health Insurance Portability and Accountability Act (HIPAA) by failing to maintain appropriate safeguards to protect the confidential health information entrusted to it by patients.
The suit further claims that Gateway Rehab’s negligence is compounded by repeated warnings to safeguard personal and health information in the face of a dramatic increase in data breaches in recent years, many of which have been highly publicized cyberattacks within the healthcare industry.
The lawsuit looks to cover anyone within the United States whose protected personal, health or and/or financial information was exposed to unauthorized third parties as a result of the Gateway Rehabilitation Center data breach discovered on June 13, 2022.
Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s free weekly newsletter here,