FOLLOW US

Southeastern health care provider PruittHealth Inc. faces a proposed class action, alleging that its insufficient security measures led to the theft of personal information belonging to a North Carolina woman and over 56,000 others in a 2023 data breach.

Data Breach and Delayed Notification

In a lawsuit filed in Georgia federal court Wednesday, Tina Clayton, a former PruittHealth employee, asserted that the company should be held accountable for its "inadequate safeguarding" of data, which allowed hackers to penetrate its systems. Clayton claimed that the company delayed more than six months in notifying affected individuals about the breach, long after the hackers allegedly published the stolen information on the dark web. "Because of the data breach, plaintiff and class members have been exposed to a heightened and imminent risk of fraud and identity theft. Plaintiff and class members must now and in the future closely monitor their financial accounts to guard against identity theft," Clayton stated in the complaint.

PruittHealth Data Breach Class Action : Details of the Breach

The data breach occurred in November 2023 when "foreign actors" gained access to PruittHealth's system. Initially, the hackers threatened to leak the information if a ransom was not paid. On December 7, 2023, the hackers claimed to have published the stolen files on their blog site. However, by the time PruittHealth's forensic specialists attempted to access the files, the blog site had been taken down, and the files were no longer accessible. "As a result, PruittHealth is not able to confirm whether your information was exposed," the company stated in its disclosure. PruittHealth serves approximately 24,000 patients daily across the Southeast.

Inadequate Cybersecurity Measures

The stolen files included sensitive information such as names, dates of birth, Social Security numbers, bank account details, insurance information, and healthcare records. Clayton argues that PruittHealth's failure to meet minimum industry standards for cybersecurity, especially those required for handling sensitive medical information, led to the breach. Alleged shortcomings include the use of outdated computers, inadequate employee training on security protocols, and a lack of procedures to handle ransomware attacks.

PruittHealth Data Breach Class Action : Impact on Victims

Although Clayton has not reported any direct fraud incidents, she and other victims have been compelled to spend significant time monitoring their financial records and updating security measures. "Now she checks her bank accounts and credit cards throughout the day each day, spending approximately an hour per week just monitoring accounts because of defendant's data breach," Clayton noted. She highlighted the substantial risk of out-of-pocket fraud losses, such as fraudulent loans, medical services billed in victims' names, tax return fraud, and credit card fraud.

Legal Claims and Relief Sought

Clayton's lawsuit asserts claims for negligence, breach of contract and fiduciary duty, and unjust enrichment. She is seeking an injunction requiring PruittHealth to enhance its cybersecurity protocols and provide lifetime credit monitoring for affected individuals. Additionally, Clayton is pursuing monetary damages and attorney fees.