Tandem Diabetes Care Hit with Class Action Lawsuit After ‘Phishing Incident’ Exposed Patient Information [UPDATE]
by Erin Shaak
Last Updated on April 17, 2020
C.H. v. Tandem Diabetes Care, Inc.
Filed: April 1, 2020 ◆§ 3:20-cv-00634-JM-LL
Tandem Diabetes Care, Inc. faces a class action in the wake of a January 2020 security incident that reportedly exposed patients’ confidential medical information.
Tandem Diabetes Care, Inc. faces a proposed class action in the wake of a security incident that reportedly exposed patients’ confidential medical information between January 17 and 20, 2020.
According to the case, the San Diego-based diabetes treatment provider informed patients in a March 17, 2020 letter of a “phishing” incident that allowed unauthorized third parties to access “a large number of patients’ personal information” through an employee email account. Among the allegedly disclosed information was patient names, social security numbers, and “other private, confidential patient information” that may have included billing and insurance information, referral data, and appointment records.
The lawsuit claims Tandem has yet to disclose the identity of any third parties who may have accessed patient information, nor specifically which data was exposed.
According to the suit, Tandem’s alleged failure to prevent the data breach is a violation of California’s Confidentiality of Medical Information Act (CMIA), which stipulates that healthcare providers in the state may not disclose patients’ medical information without first obtaining their authorization.
The suit seeks damages of $1,000 for each violation of the CMIA on behalf of anyone who received medical care from the defendant and whose “identities, personal data, and medical information” were contained in an email account that was discovered around January 17, 2020. A California-only subclass has also been proposed for consumers who fit the same criteria.
Before commenting, please review our comment policy.