Keystone Health Responsible for 2022 Data Breach, Class Action Alleges
Last Updated on August 15, 2024
Brake v. Keystone Rural Health Center
Filed: November 8, 2022 ◆§ 1:22-cv-01784-CCC
Keystone Health has been hit with a class action that claims it failed to prevent a data breach that compromised its patients’ personal and health information.
Keystone Health has been hit with a proposed class action that claims the healthcare provider failed to prevent a “foreseeable” data breach in 2022 that compromised its patients’ personal and health information.
The 58-page lawsuit alleges Keystone Health’s failure to implement adequate cybersecurity measures allowed cybercriminals to access its systems between July 28 and August 19 of this year. The breach exposed consumers’ names, Social Security numbers, dates of birth, health insurance information, personal addresses, and sensitive patient medical treatment details, the filing relays.
Want to stay in the loop on class actions that matter to you? Sign up for ClassAction.org’s free weekly newsletter here.
The complaint alleges that Keystone Health detected the cyberattack on August 19 but waited two months before notifying affected individuals on October 14. The plaintiff, a Pennsylvania patient who gave birth to her son in a hospital operated by Keystone Health, claims to have received letters stating that hackers gained access to her and her son’s private information.
According to the complaint, Keystone Health’s notice of the incident was short on specifics.
“Defendant’s notice was not just untimely but woefully deficient, failing to provide basic details, including, but not limited to, how unauthorized parties accessed its networks, whether the information was encrypted or otherwise protected, how it learned of the Data Breach, whether the Breach occurred system-wide, whether servers storing information were accessed, and how many patients were affected by the Data Breach.”
Additionally, Keystone Health has failed to disclose why it waited to alert patients after detecting the data breach, and if all the exposed data, and copies of the data, have been recovered or destroyed, the case contends.
According to the suit, the healthcare provider has offered the plaintiff and affected individuals 12 months of Equifax credit monitoring, which is “woefully inadequate” given that patients will risk falling victim to identity theft crimes for years to come.
The complaint alleges that Keystone Health “intentionally, willfully, recklessly, or negligently” left consumers’ personal information vulnerable and unencrypted, despite repeated warnings to safeguard personal and health information and highly publicized ransomware attacks within the healthcare industry.
Further, the filing contends that Keystone Health “could and should have” implemented security measures recommended by the U.S. Cybersecurity & Infrastructure Security Agency or the Microsoft Threat Protection Intelligence Team.
Per the case, Keystone Health has overlooked minimum industry standards for cybersecurity and failed to comply with Federal Trade Commission guidelines for data security. The healthcare provider has also violated its obligations under the Health Insurance Portability and Accountability Act (HIPAA) and breached its privacy policy to safeguard patients’ information, the suit alleges.
The lawsuit looks to represent anyone in the United States whose private information was compromised during the Keystone Health data breach discovered in August 2022.
Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s free weekly newsletter here.
Video Game Addiction Lawsuits
If your child suffers from video game addiction — including Fortnite addiction or Roblox addiction — you may be able to take legal action. Gamers 18 to 22 may also qualify.
Learn more:Video Game Addiction Lawsuit
Depo-Provera Lawsuits
Anyone who received Depo-Provera or Depo-Provera SubQ injections and has been diagnosed with meningioma, a type of brain tumor, may be able to take legal action.
Read more: Depo-Provera Lawsuit
How Do I Join a Class Action Lawsuit?
Did you know there's usually nothing you need to do to join, sign up for, or add your name to new class action lawsuits when they're initially filed?
Read more here: How Do I Join a Class Action Lawsuit?
Stay Current
Sign Up For
Our Newsletter
New cases and investigations, settlement deadlines, and news straight to your inbox.
Before commenting, please review our comment policy.