in Newswire Published on September 15, 2023

CareSource Hit with Class Action After Member Info Was Exposed During MOVEit Data Breach

by Corrado Rizzi

Last Updated on March 13, 2024

View Comments

Willis v. CareSource

Filed: September 13, 2023 § 3:23-cv-00264

Read Complaint

CareSource is one of the latest healthcare entities to face a proposed class action in the wake of the May 2023 MOVEit data breach.

Defendant(s)

CareSource

Law(s)

State(s)

Ohio

Categories

Medical/Health Privacy Data Breach

CareSource is one of the latest healthcare entities to face a proposed class action in the wake of the May 2023 MOVEit data breach, a major international cyberattack that compromised the systems of many organizations that use the file transfer service. 

Want to stay in the loop on class actions that matter to you? Sign up for ClassAction.org’s free weekly newsletter here. 

The 46-page suit accuses CareSource, one of the country’s largest Medicaid managed care plans, of failing to safeguard the sensitive data of more than three million people, including minors. Per the case, the ransomware gang behind the MOVEit data breach was able to access CareSource member names, addresses, dates of birth, genders, Social Security numbers, and medical and health insurance information. According to the case, CareSource used MOVEit’s file transfer service to “share data to manage your benefits.” 

Related Reading: 2023 MOVEit Data Breach Lawsuits

The complaint says that although CareSource claims to have been made aware of the cyberattack on the file transfer vendor on May 31, 2023 and patched the affected software on June 1, it was not until around August 24 that the company began notifying members that their data had been stolen. 

According to the case, an investigation revealed that a “bad actor” did in fact access the software and copied certain data from the vendor’s server. The suit says that proposed class members’ information was accessed without authorization due in part to CareSource’s “inadequate vendor screening and security measures.” 

The CareSource data breach lawsuit contends that the healthcare company was aware that the sensitive personal information in its care was a “lucrative target for hackers” yet failed to implement and maintain reasonable cybersecurity measures to protect the data. 

The lawsuit looks to cover all persons whose personal or health information was compromised in the CareSource data breach, including those who received notice about the incident. 

Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s free weekly newsletter here.

Case Spotlight

Hair Relaxer Lawsuits

Women who developed ovarian or uterine cancer after using hair relaxers such as Dark & Lovely and Motions may now have an opportunity to take legal action.

Read more here: Hair Relaxer Cancer Lawsuits

ClassAction.org Newsletter

Stay Current

Sign Up For
Our Newsletter

New cases and investigations, settlement deadlines, and news straight to your inbox.

This browser does not support PDFs. Please download the PDF to view it: Download PDF.
Open Document
Last Updated on March 13, 2024 — 11:30 AM

Corrado Rizzi

corrado@classaction.org

Corrado Rizzi is the Senior Managing Editor of ClassAction.org.

About ClassAction.org

ClassAction.org is a group of online professionals (designers, developers and writers) with years of experience in the legal industry.

Learn More

Before commenting, please review our comment policy.