SuperCare Health Faces Legal Action Regarding 318,000-Record Data Breach

Legal action was taken versus the in-home respiratory care company, SuperCare Health, because of a cyberattack and information breach report sent to the Department of Health and Human Services as of March 28, 2022. The occurrence concerned the compromise and likely theft of the protected health information (PHI) of 318,400 patients, which include names, dates of birth, addresses, medical record numbers, patient account numbers, testing, diagnostic, treatment data, medical insurance details, and claims data. A part of the people additionally had their Social Security numbers and/or driver’s license numbers compromised.

SuperCare Health stated unauthorized persons acquired access to its system between July 23, 2021 and July 27, 2021, however, did not make known the specifics of the cyberattack. SuperCare Health was just able to confirm on February 4, 2022 that the files likely accessed during the attack comprised patients’ PHI. It mailed notification letters on March 25, 2022, and as per the notice given to the California Attorney General, the impacted persons were provided credit monitoring and identity theft protection services.

Legal cases filed in relation to healthcare data breaches are getting more typical. As per a recently publicized report by the law agency BakerHostetler, legal cases are typically now filed in relation to rather minor healthcare data breaches and it is normal to file multiple lawsuits. In 2021, the law company was engaged in 23 incidents, and 58 legal cases were sent in with respect to those breaches. 43 of the lawsuits that were submitted involved healthcare data breaches and 11 of the legal cases were sent in for breaches impacting less than 700,000 persons.

The SuperCare Health lawsuit was registered in the United States District Court for the Central District of California on April 12, 2022, two weeks following the sending of notification letters to patients. The legal action, Vickey Angulo v. SuperCare Health, claims SuperCare Health hadn’t implemented sufficient and acceptable cybersecurity processes and protocols to protect the personal information and protected health information of the plaintiff and members of the class, regardless of an identified threat of cyberattacks and data breaches at medical care companies, which are quite high. The lawsuit likewise claims SuperCare Health didn’t conform to the security regulations and standards of the Federal Trade Commission, National Institute of Standards and Technology, and Health Insurance Portability and Accountability Act (HIPAA), and broke state regulations.

The lawsuit states SuperCare Health just offered little specifics to victims regarding the nature of the attack and data breach and didn’t advise patients concerning the data breach for over 6 months subsequent to its discovery. The plaintiff explained she got a notification that unauthorized people viewed her data, which involved her electronic medical records, yet wasn’t given enough credit monitoring and identity theft protection services or suitable settlement for the damage caused.

The plaintiff states she has sustained actual harm because of the data breach, which includes damage to and minimization of the importance of her private details, and a considerable and present, forthcoming injury from the greater danger of identity theft and fraud, and says that her personal information and PHI continues to be accessible to the people, which would allow any person to make use of the data for nefarious reasons.

The legal action wants class action certification, a jury trial, repayment of damages, repayment of out-of-pocket expenditures, and a lifetime of credit monitoring services, as well as for SuperCare Health to enhance its security networks and submit to potential yearly security assessments.


About Christine Garcia 1304 Articles
Christine Garcia is the staff writer on Calculated HIPAA. Christine has several years experience in writing about healthcare sector issues with a focus on the compliance and cybersecurity issues. Christine has developed in-depth knowledge of HIPAA regulations. You can contact Christine at [email protected]. You can follow Christine on Twitter at