in Newswire Published on May 4, 2018

UnityPoint Health Security Breach Sparks Lawsuit in Wisconsin

by Erin Shaak

Last Updated on May 16, 2018

View Comments

Fox, Yvonne v. Iowa Health System, Inc.

Filed: May 4, 2018 § 3:18cv327

Read Complaint

A proposed class action has been filed against Iowa Health System, Inc. (which does business as UnityPoint Health) over claims that the healthcare provider failed to protect patients’ medical information.

Defendant(s)

Iowa Health System, Inc. UnityPoint Health

Law(s)

State(s)

Wisconsin

Categories

Privacy Data Breach

A proposed class action has been filed against Iowa Health System, Inc. (which does business as UnityPoint Health) over claims that the healthcare provider failed to protect patients’ medical information from being stolen in a security breach and then failed to offer any compensation for possible damages related to the incident.

UnityPoint, which serves parts of Wisconsin, Iowa and Illinois, reportedly suffered a data breach as a result of a “phishing attack” that compromised at least 16,429 patients’ protected health information, the suit says. The defendant supposedly discovered the breach sometime between February 7 and February 15, 2018, the suit goes on, but waited “more than two months” before notifying affected individuals.

The plaintiff claims she received a letter on April 17, 2018 informing her of the breach and urging her to take “precautionary measures” to protect her information. According to the suit, the letter falsely assured recipients that their Social Security numbers had not been stolen and that the defendant had “no information to date” indicating that the purportedly compromised information would be used “for any unintended purposes.”  The case surmises that, on the contrary, the defendant knew Social Security numbers had been included in the security breach and was aware that it was “highly likely” the data would be used for “unintended purposes.”

“Rather than taking steps to fairly and fully inform [the plaintiff and proposed class members] about the true facts regarding the Privacy Breach and take ‘precautionary measures’ to mitigate the cost and injury to affected patients, Defendant instead misrepresented the nature, breadth, scope, harm, and cost of the Privacy Breach,” the complaint reads.

The plaintiff further argues that the defendant has not offered to pay for protective services nor any other “precautionary measures” it urged affected individuals to take. The woman claims that ever since the breach, she has been “inundated with unwanted, unsolicited, and unlawful spam emails and auto-dialed calls from unscrupulous operators” and was forced to purchase credit monitoring services.

Case Spotlight

Hair Relaxer Lawsuits

Women who developed ovarian or uterine cancer after using hair relaxers such as Dark & Lovely and Motions may now have an opportunity to take legal action.

Read more here: Hair Relaxer Cancer Lawsuits

ClassAction.org Newsletter

Stay Current

Sign Up For
Our Newsletter

New cases and investigations, settlement deadlines, and news straight to your inbox.

This browser does not support PDFs. Please download the PDF to view it: Download PDF.
Open Document
Last Updated on May 16, 2018 — 11:09 AM

Erin Shaak

erin@classaction.org

Erin works primarily on ClassAction.org’s newswire, reporting on cases as they happen.

About ClassAction.org

ClassAction.org is a group of online professionals (designers, developers and writers) with years of experience in the legal industry.

Learn More

Before commenting, please review our comment policy.