in Newswire Published on August 23, 2023

Class Action Filed Over March 2023 BrightSpring Health Services Data Breach Affecting Roughly 535K People [DISMISSED]

by Corrado Rizzi

Last Updated on October 2, 2023

View Comments

Saldana v. Res-Care, Inc.

Filed: August 21, 2023 § 3:23-cv-00435

Read Complaint

BrightSpring Health Services faces a class action that alleges the care provider is to blame for a March 2023 data breach believed to have impacted roughly 535K people.

Defendant(s)

Res-Care, Inc. BrightSpring Health Services

Law(s)

State(s)

Kentucky

Categories

Medical/Health Privacy Data Breach

October 2, 2023 – BrightSpring Health Services Data Breach Lawsuit Dropped by Plaintiff

The proposed class action lawsuit detailed on this page was voluntarily dismissed without prejudice by the plaintiff on August 28, 2023.

According to court documents, the plaintiff’s counsel notified United States District Judge Benjamin Beaton of the dismissal in a two-page notice submitted just days after the complaint was filed.

Records show that the court terminated the case on August 30, following the notice of dismissal, noting that defendant BrightSpring Health Services had not “answered or otherwise responded to the complaint.” No information is provided as to why the plaintiff dropped the suit.

Want to stay in the loop on class actions that matter to you? Sign up for ClassAction.org’s free weekly newsletter here.

BrightSpring Health Services faces a proposed class action that alleges the specialized/chronic care provider is to blame for a March 2023 data breach believed to have impacted roughly 535,000 people, including current and former employees. 

Want to stay in the loop on class actions that matter to you? Sign up for ClassAction.org’s free weekly newsletter here.

The 51-page suit says data compromised in the incident included the full names, addresses, dates of birth and Social Security numbers of people whose personal information was maintained on BrightSpring’s computer systems. 

According to the case, BrightSpring maintained the data in a reckless manner, unencrypted, unredacted and without adequate safeguards. 

“Plaintiff’s and Class Members’ identities are now at risk because of Defendant’s negligent conduct because the [personally identifiable information] that [BrightSpring] collected is now in the hands of data thieves,” the lawsuit emphasizes. 

Around June 21 of this year, BrightSpring began to send to data breach victims a notice that stated the company learned of suspicious activity on its computer network in mid-March, the filing says. The company relayed that its investigation revealed that an unknown third party accessed its computer systems from March 12 to March 13, 2023, and that certain personal information, including employee details, may have been obtained during the incident. 

The case notes, however, that the BrightSpring data breach notice lacked an explanation as to why the company waited until three months after the incident to contact victims, much less details on the root cause of the intrusion and the measures taken to ensure such an incident does not happen again. 

The suit contends that the BrightSpring data breach was a targeted cyberattack, particularly given the defendant’s status as a healthcare services company in possession of myriad personal information on its computer systems.

As the case tells it, BrightSpring’s offer of 12 months of identity theft monitoring services to data breach victims is “wholly inadequate” as it fails to compensate current and former employees for the ongoing risk of fraud and the disclosure of their information. 

The lawsuit looks to cover all persons whose personally identifiable information was maintained on BrightSpring’s computer systems that were compromised in the March 2023 data breach, including those who received a notice letter from the company. 

Earlier this year, BrightSpring parent company Res-Care and PharMerica were hit with a proposed class action over a March 2023 cyberattack that allegedly affected more than 5.8 million people.

Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s free weekly newsletter here.

Case Spotlight

Video Game Addiction Lawsuits

If your child suffers from video game addiction — including Fortnite addiction or Roblox addiction — you may be able to take legal action. Gamers 18 to 22 may also qualify.

Learn more:Video Game Addiction Lawsuit

Depo-Provera Lawsuits

Anyone who received Depo-Provera or Depo-Provera SubQ injections and has been diagnosed with meningioma, a type of brain tumor, may be able to take legal action.

Read more: Depo-Provera Lawsuit

How Do I Join a Class Action Lawsuit?

Did you know there's usually nothing you need to do to join, sign up for, or add your name to new class action lawsuits when they're initially filed?

Read more here: How Do I Join a Class Action Lawsuit?

ClassAction.org Newsletter

Stay Current

Sign Up For
Our Newsletter

New cases and investigations, settlement deadlines, and news straight to your inbox.

Open Document
Last Updated on October 2, 2023 — 9:11 AM

Corrado Rizzi

corrado@classaction.org

Corrado Rizzi is the Senior Managing Editor of ClassAction.org.

About ClassAction.org

ClassAction.org is a group of online professionals (designers, developers and writers) with years of experience in the legal industry.

Learn More

Before commenting, please review our comment policy.