Southeastern health care provider PruittHealth Inc. faces a proposed class action, alleging that its insufficient security measures led to the theft of personal information belonging to a North Carolina woman and over 56,000 others in a 2023 data breach.
Data Breach and Delayed Notification
In a lawsuit filed in Georgia federal court Wednesday, Tina Clayton, a former PruittHealth employee, asserted that the company should be held accountable for its “inadequate safeguarding” of data, which allowed hackers to penetrate its systems. Clayton claimed that the company delayed more than six months in notifying affected individuals about the breach, long after the hackers allegedly published the stolen information on the dark web.
“Because of the data breach, plaintiff and class members have been exposed to a heightened and imminent risk of fraud and identity theft. Plaintiff and class members must now and in the future closely monitor their financial accounts to guard against identity theft,” Clayton stated in the complaint.
PruittHealth Data Breach Class Action : Details of the Breach
The data breach occurred in November 2023 when “foreign actors” gained access to PruittHealth’s system. Initially, the hackers threatened to leak the information if a ransom was not paid. On December 7, 2023, the hackers claimed to have published the stolen files on their blog site. However, by the time PruittHealth’s forensic specialists attempted to access the files, the blog site had been taken down, and the files were no longer accessible.
