Lawsuit alleges EMSI’s negligence to properly secure network enabled hackers to steal personal and medical information of 542k customers.
A lawsuit was recently filed against Electrostim Medical Services, Inc., which does business as EMSI, alleging that the Company failed to adequately secure its IT network allowing an “unknown and unauthorized third party” to access its computer systems. As a result, The sensitive personal data of 542,990 consumers has been compromised.
On December 28, 2023, EMSI filed a notice with the U.S. Department of Health and Human Services Office for Civil Rights describing a data breach affecting consumers nationwide. Electrostim Medical Services also posted a website notice describing the breach.
According to the notice, on May 13, 2023, EMSI detected suspicious activity within its computer network. In response, the company secured its IT network and commenced an investigation with the help of third-party data security specialists, ultimately confirming that an unauthorized party accessed confidential information stored on the company’s network between April 27, 2023 and May 13, 2023.
EMSI Failed To Adequately Secure Network
The lawsuit contends that “Defendant could have prevented this data breach by properly securing and encrypting the files and file servers containing the private information of plaintiff and class members.” Per the case, EMSI “knew or should have known” of the risks associated with overlooking its data security obligations given the prevalence of recent high-profile cyberattacks, especially in the healthcare industry.
What Information Was Stolen?
The list of sensitive information that was exposed includes:
- Email addresses,
- Phone numbers,
- Diagnosis information,
- Insurance information,
- Subscriber numbers, and
- Order information.
The filing stresses that affected individuals now face a heightened risk of identity theft or fraud and may be forced to spend a substantial amount of time and money mitigating the effects of the breach.
EMSI Waits Six Months Before Notifying Affected Individuals
Although EMSI claims to have detected the intrusion in mid-May 2023, the company waited more than six months before it began to notify data breach victims, the filing shares. The case argues that the defendant’s notice letter which was sent around December 28, is deficient in that it failed to reveal “critical facts” about the incident, including details about its root cause, the vulnerabilities that were exploited and what steps have been taken to ensure data is safeguarded in the future.
“Without these details,” a victim’s ability to mitigate the harms caused by the exposure of their private information is “severely diminished,” the case contends.
Join The EMSI Data Breach Class Action
If you receive a data breach notice from EMSI, you could now be at risk of identity theft and the devastating financial and legal consequences that go along with it.
The lawsuit looks to cover anyone in the United States whose private information was maintained on EMSI’s computer systems that were compromised in the data breach announced by the company in December 2023.
Please complete the below form and a data breach attorney will contact you. There is no cost to you and no obligation on your part.