CareSource is now facing a class-action lawsuit after one of its vendors suffered from a major software breach.
The cybersecurity attack specifically targeted MOVEit. Since this software firm is one of CareSource's vendors, the Ohio-based Medicaid and Medicare plan provider also suffers.
CareSource's Data Leak Leads to Class-Action Lawsuit
On Thursday, Sept. 21, a class action was filed on behalf of three individuals who claim the latest CareSource data breach personally impacted them. The legal action comes days after the healthcare plane service provider announced that the MOVEit software had been hacked on May 31.
CareSource confirmed that it patched the breached MOVEit software on June 1 and June 27, as instructed by their vendors. Because of this, it was named as one of the hack's victims.
"We are sorry to say that some of your protected health information was part of the data stolen by the bad actor," said CareSource via Yahoo News. Based on the letter issued by the healthcare company to its clients, the data breach affected the following information:
- Addresses
- Date of birth
- Medications
- Health plan details
- Social Security Numbers (SSNs)
- Birth dates
- First and last names
CareSource said that individuals most likely impacted are those who sign up for two years of credit monitoring via Kroll.
What CareSource is Accused Of?
WHIO TV 7 reported that the plaintiffs accuse CareSource of failing to secure its network. Aside from this, the three individuals also claim that the healthcare firm couldn't notify its clients when needed.
They explained that although CareSource was aware of the breach as early as June 1, the company did not inform victims until Aug. 24. Aside from this, here are other accusations CareSource is facing in the latest class-action lawsuit:
- Failed to comply with regulatory, ethical, and industry standards to ensure the security and confidentiality of sensitive information.
- Failed to respond to a foreseeable data breach adequately.
- Failed to make sure any vendors it elects to offload sensitive information to could be entrusted and would safeguard sensitive data.
The plaintiffs are seeking compensation for the damages caused by the CareSource data leakage. These include damages to credit, fraudulent charges, loss of privacy, etc.
They also claim that the CareSource software breach also led to emotional distress and anxiety, which plaintiffs experienced after knowing their personal information was leaked.