A Connecticut-based marketing software company is under fire after a massive security failure allegedly left the personal health information of more than 232,000 individuals exposed to hackers — and months went by before affected patients were told.
Melissa Gifford of New Jersey, filing on behalf of her child whose data was compromised, launched a proposed nationwide class action Thursday in Connecticut federal court. The lawsuit accuses Cierant Corp. of negligence, breach of implied contract, and unjust enrichment following what she called an “entirely preventable” cyberattack.
Allegations of Reckless Data Storage
According to the complaint, Cierant, which partners directly with health insurers and plan administrators, recklessly stored sensitive data including names, birthdates, medical record numbers, and premium details. The company relied on a third-party transfer tool, Cleo’s VLTrader, a system allegedly “known to be vulnerable to cyberattacks.”
On Dec. 10, 2023, hackers exploited an unknown flaw in VLTrader, allowing unauthorized access to troves of medical data. Gifford contends the breach could have been prevented with basic cybersecurity safeguards such as timely patching, encryption, and proper network monitoring.
