Solara Medical Supplies has been hit with a proposed class action lawsuit in California over a sizeable data breach that impacted the company’s computer systems between April 2 and June 20, 2019.
According to the 45-page complaint, hackers gained access to the Chula Vista-based company’s systems with the intent to steal the personal and protected health information of millions of individuals. The case claims the hackers were successful “with respect to potentially thousands” of consumers, stealing names, addresses, birth dates, Social Security numbers and employee ID numbers. Further, the lawsuit alleges the hackers may have even obtained medical and health insurance information, passwords, account login details, billing and claims data, Medicare and Medicaid identification and credit and debit card payment information, as well as driver’s licenses and passport info.
The case argues that while the data breach occurred between April 2 and June 20, Solara waited until the issuance of a November 13, 2019 press release to inform those affected by the hack that the company had discovered back on June 28 that an unknown actor gained access to select employees’ Microsoft Office 365 accounts. The lawsuit charges that in the four months in which Solara did nothing to warn consumers of the data breach, cybercriminals “had free reign to defraud their unsuspecting victims.” The plaintiff claims that Solara chose to complete its own internal investigation of the data breach and “develop its excuses and speaking points” before alerting proposed class members that their information had been compromised.
The plaintiff alleges the defendant, a direct-to-patient manufacturer of continuous glucose monitors and insulin pumps, among other diabetes treatment devices, failed to have in place adequate and reasonable cybersecurity measures that may have been able to timely detect or prevent the breach. Moreover, Solara, the lawsuit says, failed to disclose the “material facts” that its computer systems containing sensitive information were not adequately safeguarded. As a result, the case says, the information contained therein was ripe for the taking by unauthorized third parties presented effectively with a “soft target.”
“In short, thanks to Defendant's failure to protect the Breach Victims' Personal and Medical Information, cyber criminals were able to steal everything they could possibly need to commit nearly every conceivable form of identity theft and wreak havoc on the financial and personal lives of potentially millions of individuals,” the case scathes.
According to the lawsuit, those victimized in the breach have incurred fraudulent charges on certain financial accounts and spent hours filing police reports and monitoring their credit and bank accounts. Many proposed class members, the suit continues, are now on the hook for monthly or annual identify theft protection and credit monitoring fees, and must now spend additional time “being extra vigilant” against cyber theft due to Solara Medical Supplies’ alleged data protection shortcomings.