Lincare Holding and Transformative Healthcare and Their Data Breach Lawsuits

Lincare Holdings Offers $7.25 Million Settlement of Data Breach Lawsuit

Regarding the Lincare Holdings Inc. Data Breach Litigation, Lincare Holdings proposed a $7.25 million settlement to resolve the class action lawsuit filed over a data breach in September 2021 that impacted 2,918,444 people.

Lincare Holdings is a company that provides in-home respiratory care and equipment. There was unauthorized activity in its network that was discovered in September 2021 . It was confirmed by a forensic investigation that an unauthorized third party acquired access to records that contained patient information. The breached protected health information (PHI) included names, Lincare account numbers, birth dates addresses, account or record numbers, treatment data, names of providers, dates of service, diagnosis and procedure details, medical insurance data, and prescription data, and for some impacted persons, Social Security numbers.

The affected individuals took legal action alleging that Lincare Holdings was at fault for not implementing reasonable and proper cybersecurity procedures. If those security measures were put in place, the data breach might have been prevented. Lincare did not admit any wrongdoing, instead, it offered a settlement to conclude the lawsuit.

Class members are going to be allowed to file claims for about $5,000 as repayment for out-of-pocket expenses reasonably trackable to the data breach, which include around 4 hours of lost hours at $20 per hour. Included in recoverable losses are credit fees, bank fees, communication expenses, unreimbursed fraudulent costs, and losses to identity theft. Those who were residents of California during the breach may likewise file a claim for an extra $90.

All class members qualify to get a membership to Medical Shield services for one year, which consists of medical record tracking, medical insurance monitoring, dark web monitoring, real-time authentication notifications, high-risk transaction tracking, provider monitoring, Medicare monitoring, ICD monitoring, HSA monitoring, credit freeze support, and identity theft remediation assistance. They will likewise be protected by an identity theft insurance policy for $1 million.

Claims should be filed by April 15, 2024, and any class member who objects to or does not want to include themselves in the settlement should do so on or before March 14, 2024. The schedule of the final hearing is on June 12, 2024.

The plaintiff and class members were represented by Morgan & Morgan’s John A. Yanchunis; Turke & Strauss LLP’s Raina Borrelli; Barrack Rodos & Bacine’s Stephen R. Basser; Wolf Haldenstein Adler Freeman & Herz LLC’s Carl V Malmstrom; and Milberg Coleman Bryson Phillips Grossman PLLC’s Alexandra M Honeycutt.

Over 911,000 People Impacted by Fallon Ambulance Service Data Breach

The lawyer for medical, transportation & logistics company, Transformative Healthcare based in Newton MA, has reported a data breach to the HHS’ Office for Civil Rights and that 911,757 persons were affected. The data breach impacted people who received Fallon Ambulance Service services, which was Transformative Healthcare’s medical transportation arm in Massachusetts. Fallon gave support to patient emergencies around the greater Boston area and offered administrative services for partner medical transportation businesses.

In September 2022, Coastal Medical Transportation Systems acquired Fallon Ambulance Service and stopped in December 2022 its business operations. To be compliant with legal data retention conditions, Transformative Healthcare kept an archived copy of the information that was formerly kept on the computer systems of Fallon. On or about April 21, 2023, Transformative Healthcare discovered unauthorized activity inside its archive storage. Fallon took immediate action to stop further unauthorized access and launched an investigation to find out the scope of the breach. According to the forensic investigation, an unauthorized third party accessed the archive on February 17, 2023, and kept access to the archive up to April 22, 2023. In that period, it copied files from the archive.

The analysis of the breached files was done on December 27, 2023, when it was established that the files included names, Social Security numbers, addresses, medical data such as COVID-19 testing/ vaccination data, and data given to Fallon in association with work or application for work.

Although the information was accessed from the archive, Fallon or Transformative Healthcare did not find any proof that suggests the misuse of the information. Impacted patients were informed via mail on December 27, 2023, and offered credit monitoring and identity theft protection services.

Transformative Healthcare Faces Lawsuit Because of the Fallon Ambulances Service Data Breach

Transformative Healthcare is dealing with legal action in association with a recently reported data breach that impacted 911,757 Fallon Ambulance Service patients. Coastal Medical Transportation Systems, LLC is named a defendant in the lawsuit. Coastal Medical Transportation Systems acquired Fallon Ambulance Services in September 2022, though the compromised data was placed in an archive prior to the acquisition.

The Daniel Durgin v. Transformative Healthcare, LLC, and Coastal Medical Transportation Systems, LLC lawsuit was filed on January 18, 2023 in the U.S. District Court for the District of Massachusetts on behalf of Daniel Durgin, who availed the emergency medical transportation services of Fallon Ambulance Service before its operations stopped in December 2022. The lawsuit claims the defendants ought to have known how to secure sensitive information, but did not apply reasonable and proper cybersecurity procedures and conform with industry security criteria, which enabled hackers to access the sensitive information of the plaintiff and class members.

The lawsuit states the plaintiff and class have sustained costs and expenditures related to the time expended mitigating the effects of the data breach, which include reviewing credit reports for indicators of misuse of data, buying credit monitoring services, and working with withdrawal and purchase restrictions on their accounts, along with the loss of property value of their personal data, and stress, nuisance, and frustration of needing to face the problems brought on by the data breach.

The plaintiff and class asset allege negligence, unjust enrichment/quasi-contract, breach of implied contract, and breach of fiduciary duty. The lawsuit wants a jury trial, class-action status, injunctive relief, and statutory and monetary compensation.

Nicholas A. Migliaccio, Jason Rathod of Migliaccio & Rathod LLP, and David Pastor of Pastor Law Office, PC represent the plaintiff and class.