CareSource's Data Leak Leads to Class-Action Lawsuit; Plaintiffs Experience Anxiety After Learning the Breach

Here's what plaintiffs accuse CareSource of.

CareSource is now facing a class-action lawsuit after one of its vendors suffered from a major software breach.

The cybersecurity attack specifically targeted MOVEit. Since this software firm is one of CareSource's vendors, the Ohio-based Medicaid and Medicare plan provider also suffers.

CareSource's Data Leak Leads to Class-Action Lawsuit

CareSource's Data Leak Leads to Class-Action Lawsuit; Plaintiffs Experience Anxiety After Learning the Breach
An engineer from the Israeli company "Commun.it" uses his expertise in social media commercial analysis to identify networks of fake users during at the group's office in the Israeli city of Bnei Brak near Tel Aviv on January 23, 2019. JACK GUEZ/AFP via Getty Images

On Thursday, Sept. 21, a class action was filed on behalf of three individuals who claim the latest CareSource data breach personally impacted them. The legal action comes days after the healthcare plane service provider announced that the MOVEit software had been hacked on May 31.

CareSource confirmed that it patched the breached MOVEit software on June 1 and June 27, as instructed by their vendors. Because of this, it was named as one of the hack's victims.

"We are sorry to say that some of your protected health information was part of the data stolen by the bad actor," said CareSource via Yahoo News. Based on the letter issued by the healthcare company to its clients, the data breach affected the following information:

  • Addresses
  • Date of birth
  • Medications
  • Health plan details
  • Social Security Numbers (SSNs)
  • Birth dates
  • First and last names

CareSource said that individuals most likely impacted are those who sign up for two years of credit monitoring via Kroll.

What CareSource is Accused Of?

CareSource's Data Leak Leads to Class-Action Lawsuit; Plaintiffs Experience Anxiety After Learning the Breach
A laptop displays a message after being infected by a ransomware as part of a worldwide cyberattack on June 27, 2017 in Geldrop. - The unprecedented global ransomware cyberattack has hit more than 200,000 victims in more than 150 countries, Europol executive director Rob Wainwright said May 14, 2017. ROB ENGELAAR/ANP/AFP via Getty Images

WHIO TV 7 reported that the plaintiffs accuse CareSource of failing to secure its network. Aside from this, the three individuals also claim that the healthcare firm couldn't notify its clients when needed.

They explained that although CareSource was aware of the breach as early as June 1, the company did not inform victims until Aug. 24. Aside from this, here are other accusations CareSource is facing in the latest class-action lawsuit:

  • Failed to comply with regulatory, ethical, and industry standards to ensure the security and confidentiality of sensitive information.
  • Failed to respond to a foreseeable data breach adequately.
  • Failed to make sure any vendors it elects to offload sensitive information to could be entrusted and would safeguard sensitive data.

The plaintiffs are seeking compensation for the damages caused by the CareSource data leakage. These include damages to credit, fraudulent charges, loss of privacy, etc.

They also claim that the CareSource software breach also led to emotional distress and anxiety, which plaintiffs experienced after knowing their personal information was leaked.

Real Time Analytics