University of Pittsburgh Medical Center (UPMC) and the law agency Charles Hilton and Associates are dealing with a class-action lawsuit because of a breach of the protected health information (PHI) of 36,000 UPMC patients.
Charles Hilton and Associates, which manages UPMC’s collections, reported that attackers had acquired access to the email accounts of a number of its staff from April to June 2020. As per the investigation findings, the compromised accounts had the protected health information of UPMC patients, a number of which were probably accessed or acquired by the hackers.
The accounts included a variety of records which include names, birth dates, bank account details, Social Security numbers, driver’s licenses, medical insurance data, and state ID card numbers. As mentioned in UPMC’s breach notice, there were no reports obtained that indicate the misuse of data in the breached accounts; nonetheless, the lawsuit claims the plaintiffs’ personal information and PHI were acquired and employed to open accounts using their names.
Lead plaintiff, Vince Ranalli, got a notice from his bank weeks right after the breach updating him that an unauthorized account was created using his name. His driver’s license, Social Security Number, and address were employed to register the account. The scammers essentially got most of his personal details. He additionally reported that his father was affected by the breach and got a number of credit cards for which he didn’t apply.
The lawsuit charges UPMC and Charles Hilton and Associates with negligence for the inability to safeguard the personal information and PHI of patients, breach of privacy, and other wrongdoing. Joshua P. Ward of J.P. Ward & Associates filed the legal action stating that they are looking to stop the problem, determine all the patients impacted, retrieve funds for them to the level they’re eligible, and safeguard their data.