A proposed class action has been filed against Iowa Health System, Inc. (which does business as UnityPoint Health) over claims that the healthcare provider failed to protect patients’ medical information from being stolen in a security breach and then failed to offer any compensation for possible damages related to the incident.
UnityPoint, which serves parts of Wisconsin, Iowa and Illinois, reportedly suffered a data breach as a result of a “phishing attack” that compromised at least 16,429 patients’ protected health information, the suit says. The defendant supposedly discovered the breach sometime between February 7 and February 15, 2018, the suit goes on, but waited “more than two months” before notifying affected individuals.
The plaintiff claims she received a letter on April 17, 2018, informing her of the breach and urging her to take “precautionary measures” to protect her information. According to the suit, the letter falsely assured recipients that their Social Security numbers had not been stolen and that the defendant had “no information to date” indicating that the purportedly compromised information would be used “for any unintended purposes.” The case surmises that, on the contrary, the defendant knew Social Security numbers had been included in the security breach and was aware that it was “highly likely” the data would be used for “unintended purposes.”
“Rather than taking steps to fairly and fully inform [the plaintiff and proposed class members] about the true facts regarding the Privacy Breach and take ‘precautionary measures’ to mitigate the cost and injury to affected patients, Defendant instead misrepresented the nature, breadth, scope, harm, and cost of the Privacy Breach,” the complaint reads.
The plaintiff further argues that the defendant has not offered to pay for protective services or any other “precautionary measures” it urged affected individuals to take. The woman claims that ever since the breach, she has been “inundated with unwanted, unsolicited, and unlawful spam emails and auto-dialed calls from unscrupulous operators” and was forced to purchase credit monitoring services.