University of Pittsburgh Medical Center (UPMC) and the Charles Hilton and Associates law company are confronting a class action lawsuit due to a breach of the protected health information (PHI) of 36,000 UPMC patients.
Charles Hilton and Associates, which takes care of UPMC’s collections, made an announcement that hackers had acquired access to the email accounts of a few of its workers between April and June 2020. According to the investigation results, the compromised accounts held the protected health information of UPMC patients, a few of which was possibly viewed or copied by the attackers.
The accounts comprised an array of information such as names, dates of birth, bank account details, driver’s licenses, Social Security numbers, health insurance data, and state ID card numbers. As stated in UPMC’s breach notice, there were no reports obtained that suggest the misuse of the information in the breached accounts; nevertheless, the lawsuit states the plaintiffs’ personal data and PHI was taken and utilized to open accounts in their names.
Vince Ranalli, the Lead plaintiff, obtained a letter from his bank a few weeks following the breach telling him that there’s a new account opened under his name without proper authorization. His Social Security number, driver’s license, and address were used to open the account. The attackers basically had all of his personal data. He also mentioned that his father was affected by the breach and received several credit cards for which he did not apply.
Allegedly, UPMC and Charles Hilton and Associates were negligent for not being able to protect the personal data and PHI of patients, intrusion of privacy, and other violations. Joshua P. Ward of J.P. Ward & Associates filed the lawsuit stating that they are seeking to curb the problem, find all the individuals impacted, get back monies for them to the degree they’re entitled and to secure their information.
