SuperCare Health faces lawsuits over data breach

SuperCare Health, a respiratory care provider with locations throughout the United States, has been hit with multiple lawsuits over the past week following a breach of more than 300,000 individuals’ records.

The complaints concerning “unauthorized activity” disclosed by the provider in late March, in which an unknown party accessed certain systems in the network from July 23, 2021, to July 27, 2021.

According to SuperCare’s report to the US Department of Health and Human Services’ Office for Civil Rights Breach Portal, the incident affected the information of 318,379 people.

“We have no reason to believe that any information was published, shared or misused as a result of this incident,” said SuperCare on its website.

WHY IT MATTERS

As outlined by SuperCare in its posting, the data affected by the incident varied depending on the individual. It may include name, address, date of birth, hospital or medical group, patient account number, medical record number, health insurance information, testing/diagnostic/treatment information, other health-related information, and claim information.

The Social Security number or driver’s license number of a small subset of individuals may have been contained in the affected files. In their complaints, the plaintiffs say their information was compromised due to SuperCare’s negligence.

One complaint, filed by Vickey Angulo this past Tuesday individually and on behalf of those similarly situated in the US District for the Central District of California, says SuperCare failed to take “adequate and reasonable measures” to protect its data systems against unauthorized intrusions.

“Defendant’s data security obligations were particularly important given the substantial increase in ransomware attacks and/or data breaches in the healthcare industry preceding the date of the breach,” read the complaint.

Angulo is accusing SuperCare of violating the California Confidentiality of Medical Information Act and California’s Unfair Competition Law, along with breaching its implied contract and negligence.

Similarly, a complaint filed in the US District for the Central District of California this Tuesday by Hamid Shalviri on behalf of himself and all others similarly situated accuses the company of violations of California’s CMIA, negligence, breach of implied contract and invasion of privacy.

“To date, Defendant has offered individuals affected only one to two years of identity theft protection services through a single provider, IDX,” read Shalviri’s complaint.

“The service offered is inadequate to protect Plaintiff and Class Members from the threats they face for years to come, particularly in light of the PII and PHI at issue here,” the complaint continued.

Both proposed class-action lawsuits include demands for jury trials.

SuperCare did not respond to requests for comment by press time.

THE LARGER TREND

Healthcare represents the sector with the biggest jump in litigation related to data breaches.

A recent report from the law firm BakerHostetler found that 43 lawsuits were filed against healthcare organizations in 2021.

And that trend is continuing: Earlier this year, a complaint was filed against the electronic health record vendor QRS Inc. after a cyberattack led to the exposure of more than 300,000 individuals’ data.

ON THE RECORD

“Plaintiff and Class Members have a continuing interest in ensuring that their information is and remains safe, and they should be entitled to injunctive and other equitable relief,” read Shalviri’s complaint.

Kat Jercich is senior editor of Healthcare IT News.
Twitter: @kjercich
Email: kjercich@himss.org
Healthcare IT News is a HIMSS Media publication.

Leave a Comment