A proposed class action has been filed against Dental Care Alliance, LLC over a Fall 2020 data breach that reportedly affected one million patients whose private health information was stored in DCA’s network.
The case alleges Dental Care Alliance maintained the data “in a reckless manner” that left the information vulnerable to cyberattacks. The suit claims that while the unauthorized disclosure of patients’ data was a “known risk” to the defendant, the company’s failure to take steps to protect the information left it in a “dangerous condition” that allowed the breach to occur.
“The Data Breach was a direct result of Defendant’s failure to implement adequate and reasonable cybersecurity procedures and protocols necessary to protect consumers’ Private Information,” the complaint scathes, alleging that the breach would have been discovered sooner had Dental Care Alliance properly monitored its network.
Per the lawsuit, Dental Care Alliance provides practice support services to over 320 affiliated dental practices across 20 states. In the course of providing its services, which include insurance billing, customer service, accounting and payroll, information technology and operations management, the defendant maintains on its servers the private information of its clients’ patients, the suit says.
The lawsuit states that Dental Care Alliance became aware of a cybersecurity incident on its network in October 2020. After a cybersecurity firm was engaged to investigate, it was determined that confidential files belonging to one million patients had been accessed for nearly a month between September 18 and October 13, 2020, according to the suit.
The compromised information, the case says, included patients’ names, addresses, dental diagnoses, treatment information, patient account numbers, billing information, bank account numbers and health insurance data.
Dental Care Alliance waited until December 7, 2020 to notify affected patients yet offered no complimentary financial fraud or identity monitoring services, the lawsuit says.
The case alleges the defendant breached its duty under its contracts with clients, the Health Insurance Portability and Accountability Act (HIPAA), industry standards, common law and representations made to patients by failing to adequately protect their private information from unauthorized access and disclosure.
As a result of the breach, patients are now at an increased risk of identity theft and fraud given their private information “is now in the hands of data thieves,” the suit says.
Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s newsletter here.
Camp Lejeune residents may soon have the opportunity to claim compensation for harm suffered from contaminated water.