CaptureRx Confronting Multiple Class Action Lawsuits Due to the Ransomware Attack Impacting 2.4 Million Patients

CaptureRx, the healthcare administrative services provider is dealing with multiple class-action lawsuits for its failure to safeguard patient records, which was gotten by unauthorized people in a February 2021 ransomware attack.

NEC Networks, also known as CaptureRx, offers IT assistance to hospitals to help them take care of their 340B drug discount packages. By means of providing those offerings, CaptureRx gets the protected health information (PHI) of patients.

On approximately February 6, 2021, CaptureRx found suspicious activity in parts of its IT systems, such as the encryption of files. The investigation established that files filled with the PHI of 2,400,000 and up patients were exposed in the attack.

CaptureRx mentioned in its breach notification letters that all policies and procedures are being examined and upgraded and extra staff training is being done to lessen the possibility of the same future event. Affected persons were cautioned to continue to be wary against happenings of identity theft and fraudulence, to evaluate account statements and explanation of benefits forms, and to check free credit reports for suspicious activity and to find errors.

On July 21, 2021, plaintiff Michelle Rodgers filed a lawsuit in the U.S. District Court for the Western District of Texas. Rodgers is ARcare’s patient in Augusta, AR, whose personal information and PHI were breached in the attack.

Rodgers, and the class members, assert that CaptureRx was responsible for not using and sustaining reasonable steps and had not adhered to industry-standard data security tactics to be sure the secrecy of their PHI, breaking government and state rules. The plaintiff and class members seek monetary damages and injunctive and declaratory relief.

An identical lawsuit had formerly been submitted in the District Court for the Western District of Texas identifying Mark Vereen as plaintiff, which names Capturerx Nec Networks, and Midtown Health Center in Los Angeles as defendants. The lawsuit states the defendants were at fault for not doing the needed steps to stop a data breach, the risk of which must have been widely recognized. The plaintiffs in that legal action claim they are vulnerable to harm that can be enduring and critical,” which may carry on for several years and that the defendants broke the Federal Trade Commission regulations and HIPAA. The lawsuit perceives above $5 million in losses.

A Missouri local filed a legal action in federal court in Kansas City on behalf of all residents in Missouri impacted by the breach, wanting no less than $5 million in damages.

Twitter Facebook LinkedIn Reddit Copy link Link copied to clipboard
Photo of author

Posted by

Mark Wilson

Mark Wilson is a news reporter specializing in information technology cyber security. Mark has contributed to leading publications and spoken at international forums with a focus on cybersecurity threats and the importance of data privacy. Mark is a computer science graduate.