A class action lawsuit was recently filed alleging Maternal and Family Health Services (MFHS) is responsible for a data breach that reportedly occurred between August 21, 2021 until April 4, 2022 and compromised the personal information of more than 461,000 current and former patients, employees and vendors..
MFHS Negligence Responsible For Data Theft
The lawsuit suit claims the nonprofit, which operates several health and nutrition centers throughout Eastern Pennsylvania, fell victim to an eight-month data breach due to its failure to properly secure and safeguard sensitive information stored on its network. According to the lawsuit, hackers gained access to customers’ names, addresses, dates of birth, Social Security and driver’s license numbers, financial account/payment card information, usernames and passwords, and medical and/or health insurance information.
As a result of MFHS’s negligence, at least 461,070 data breach victims face a lifetime risk of fraud and identity theft as their information may be bought and sold on the dark web, the complaint asserts.
MHFS Waited Nine Months To Notify Victims That Their Identities Are At Risk
According to the lawsuit, MFHS became aware of the ransomware attack on April 4th 2022 but waited until Jan 3 2023 – a further nine months before notifying affected individuals.
Although MFHS stated that it is “committed to strengthening our systems’ security to prevent this kind of incident from happening again,” the nonprofit has not offered any specifics about what remedial measures it plans to undertake, the lawsuit says.
MHFS Failed To Comply With Minimum Industry Data Protection Standards
The complaint alleges the nonprofit left itself vulnerable to the cyber attack by failing to comply with minimum industry standards for cybersecurity, which according to the case constitutes an “unfair act or practice” prohibited under the Federal Trade Commission Act.
MFHS’s deficient data security practices are particularly egregious considering that data breaches are a notorious and foreseeable threat to companies that store personal data in their systems.
The suit seeks to represent anyone in the United States whose sensitive personal information was compromised in the data breach announced by Maternal and Family Health Services on or about January 3, 2023.
The action is seeking to ensure that MFHS comply with required federal standards of data care as well as damages and relief for class members who are identified as having their personal information exposed as a result of this breach.
Case Statud: Open – Not Accepting New Clients