Anyone who received a letter from CareSource stating that their personal information was exposed in a data breach.
What’s Going On?
CareSource has begun notifying over 3 million individuals that their personal and medical information was exposed during a massive data breach that impacted MOVEit, a third-party file transfer software used by CareSource. Attorneys working with ClassAction.org are now looking into whether a lawsuit can be filed on behalf of victims.
How Could a Lawsuit Help?
A class action lawsuit could help compensate data breach victims for any harm they experienced as a result of the hack, including loss of privacy and fraudulent charges.
Attorneys working with ClassAction.org are looking into whether a class action lawsuit can be filed on behalf of individuals who were affected by the CareSource data breach.
In late August, CareSource, an Ohio-based nonprofit that administers Medicaid, Marketplace and Medicare plans, began notifying members that their personal and medical information was exposed during a massive hack of the third-party MOVEit file-transfer software used by the company to share data. It’s been reported that patients’ names, Social Security numbers, health plan information, medical conditions and other sensitive data were accessed and copied during the hack.
Attorneys believe CareSource may not have taken the proper steps to protect consumers’ data from unauthorized access. They’re now looking to hear from people who were affected by the breach as they work to determine whether a class action lawsuit can be filed to help compensate victims.
CareSource Hack: What Happened?
On July 27, 2023, CareSource reported to the U.S. Department of Health and Human Services that 3,180,537 individuals were affected by a data breach.
In a sample data breach letter, the company explained that the MOVEit file-transfer software provided by one of its vendors was hacked by “a bad actor” on May 31, 2023. On June 27, CareSource was identified as “one of the victims of hacked data,” and an investigation into the incident revealed that sensitive consumer information had been stolen, according to the letter.
The following patient information was reportedly accessed and copied:
Dates of birth
Social Security numbers
Health plan names
The MOVEit hack, which has reportedly impacted more than 1,000 organizations and affected over 60 million people, was perpetrated by a notorious Russia-linked ransomware gang known as Clop.
Cybernews.com reported on August 2 that Clop published 40GB of CareSource data on the dark web that contained “sensitive healthcare information such as drugs prescribed, risk groups, and patients’ treatment details.” The group wrote of CareSource that “[t]he company doesn’t care about its customers, it ignored their security!!!”
CareSource reportedly began sending data breach notices to affected individuals beginning the week of August 22.
How a Class Action Lawsuit Could Help
If successful, a class action lawsuit could help data breach victims recover compensation for damages resulting from the hack, including:
Loss of privacy
Damage to credit
Time lost responding to the breach
Out-of-pocket expenses, such as money spent obtaining credit reports, medical records and additional credit monitoring and identity theft protection services