Eye care leaders facing data breach class action lawsuit in December 2021

ByMartha R. Camara

Jul 13, 2022

Eye Care Leaders is facing a proposed class action lawsuit following a December 2021 cyberattack in which “criminal hackers” gained access to the company’s myCare Identity medical records platform.

The 43-page lawsuit says Eye Care Leaders’ response to the data breach was “sporadic” and the patient management software provider “still does not appear to have a full understanding of the extent” of the breach. incident, which reportedly began around December 4, 2021 and affected at least 348,000 people “and likely many more”.

The complaint attributes the incident to Eye Care Leaders’ alleged “lax data security”. Victims now face an immediate and ongoing risk of harm from fraud and identity theft, the case highlights, noting that this would be the third data breach by Eye Care Leaders in less than 10 month.

According to the lawsuit, notices sent by defendant ECL Group, LLC to data breach victims were “fragmented” as some affected clinics were notified of the incident in March 2022 while others “appear to have had no received notice only recently”. In fact, according to the complaint, some clinics sent notice to their patients as recently as June 2, 2022, about six months after the breach allegedly took place.

According to the lawsuit, Eye Care Leaders, despite being the only entity with knowledge of the extent of the data breach, did not notify the victims directly and instead instructed its customers to inform their patients that their sensitive data had been damaged. been compromised.

“However, the clinics’ data breach notices appear to have been written by eye care officials and make it clear that the eye care officials, not the clinic, were breached,” the filing points out.

The case says patient names, birth dates, medical records and social security numbers, health insurance information and treatment details were exposed to unauthorized access during the data breach Eye Care Leaders. According to the filing, Eye Care Leaders provides services to approximately 9,000 ophthalmologists nationwide.

This is not the first inappropriate disclosure of sensitive patient data by Eye Care Leaders, the lawsuit says. In March 2021, the company suffered a ransomware attack that impacted its iMedicWare platform, causing an outage that lasted several days and disrupted clinical practices. Last August, Eye Care Leaders reportedly suffered another attack related to its myCare Integrity platform. Although the company informed customers that it was facing “performance” or “system” issues, the platform was actually hit by a ransomware attack, according to the lawsuit.

“Thus, the data breach here was Eye Care Leaders’ third data breach in less than ten months,” the lawsuit states.

The lawsuit seeks coverage for all individuals whose information was compromised during the Eye Care Leaders data breach or who were notified that their information was compromised during the incident.

Get class action news delivered to your inbox – sign up for ClassAction.org’s free weekly newsletter here.