By John Fitzgerald
A Rhode Island health care center did not use reasonable security procedures to protect the sensitive personal information it was maintaining, which led to a data breach affecting more than 34,000 current and former employees, a proposed class-action lawsuit says.
The suit, filed May 14 in the U.S. District Court for the District of Rhode Island, alleges that Blackstone Valley Community Health Care Inc. failed to employ encryption and other industry-standard practices, even though health care entities in possession of personally identifiable information are particularly susceptible to cyberattacks.
BVCHC operates six clinics in Pawtucket and Central Falls, Rhode Island, and “provides a full range of affordable services from pediatrics to behavioral health,” according to its website.
The company says it experienced a disruption in its computer service Nov. 11, 2023. An investigation uncovered a data breach that exposed the PII of more than 34,000 current and former employees, according to documents supplied to the Maine attorney general’s office.
The exposed PII included employee names and Social Security numbers, which is now in the hands of cybercriminals, according to the complaint.
The data breach was a “direct result” of BVCHC’s failure to implement adequate and reasonable cybersecurity procedures and protocols, the complaint says.
The company did not comply with Federal Trade Commission guidelines or industry information protection standards, the suit says.
Plaintiff Alba Peralta Perez of Providence, Rhode Island, says that because of the data breach, she has suffered diminution to the value of her PII, loss of the benefit of the bargain and lost time attempting to mitigate the effects of the data breach.
She has also seen a marked increase in spam calls, texts and emails since the breach, according to the complaint.
Perez, a former BVCHC employee, seeks to represent a nationwide class of all those whose PII was exposed in the data breach. Her lawsuit alleges negligence, breach of implied contract and unjust enrichment.
She asks for an injunction forcing BVCHC to encrypt all the PII under its control, delete any unnecessary PII it retains and increase the security of its computer systems. She also asks for damages, attorney fees and costs.
This article was originally published by Westlaw Today.
Get all the latest tax, accounting, audit, and corporate finance news with Checkpoint Edge. Sign up for a free 7-day trial today.
