CorrectCare Sued Over 2022 Data Breach Affecting 1.5M Consumers

New to ClassAction.org? Read our Newswire Disclaimer

CorrectCare-Integrated Health, LLC faces a proposed class action over a 2022 data breach that impacted almost 1,500,000 individuals, including those who have “interacted with” the Georgia Department of Public Safety and Corrections and county jails statewide.

Want to stay in the loop on class actions that matter to you? Sign up for ClassAction.org’s free weekly newsletter here.

The 21-page case claims CorrectCare, which provides medical claims processing for correctional facilities, discovered on July 6, 2022 that two file directories on its web server containing patient information had been “inadvertently exposed” to the public internet as early as January 22, 2022. According to the suit, the breach was a direct result of CorrectCare’s failure to implement adequate cybersecurity procedures.

Per the case, CorrectCare had a legal duty under the Health Insurance Portability and Accountability Act (HIPAA) to comply with industry standards to safeguard patients’ medical information.

To compound matters, CorrectCare failed to provide victims timely notice of the incident and instead waited until November 28 to inform affected individuals that their names, dates of birth, Social Security numbers and certain “limited health information, such as a diagnosis code and/or CPT code” had been publicly exposed, the complaint contends.

The complaint stresses that affected individuals now face an “increased and imminent” risk of fraud and identity theft that may continue for years to come.

The three plaintiffs, who are currently serving sentences in the Georgia Department of Corrections, say they had their sensitive information entrusted to CorrectCare after receiving various medical treatments while incarcerated. Since the cyberattack, the plaintiffs have been placed in collections after having their bank accounts, credit cards and other consumer accounts hacked, the suit says.

“CorrectCare’s data security obligations were particularly important given the substantial increase in cyber-attacks and/or data breaches preceding the date they disclosed the incident,” the suit states, adding that the FBI had even warned CorrectCare and other companies in the healthcare industry in August 2014 that hackers were targeting them.

The lawsuit seeks to represent any Georgia Department of Corrections inmates or pretrial detainee inmates whose private health information was compromised as a result of the data breach discovered by CorrectCare on or around June 6, 2022.

Get class action lawsuit news sent to your inbox – sign up for ClassAction.org's free weekly newsletter here.