‘Particularly Egregious’: US Fertility Hit with Class Action Over Month-Long 2020 Data Breach

[mood]

‘Particularly Egregious’: US Fertility Hit with Class Action Over Month-Long 2020 Data Breach

 

US Fertility, LLC faces a proposed class action centered on a reported September 2020 data breach in which hackers armed with ransomware gained access to a trove of personal information from the fertility clinic support services company’s clients.

 

The 29-page lawsuit in Maryland federal court says hackers were able to access US Fertility’s cloud-based systems from August 12 through September 14, 2020, and viewed patients’ names, dates of birth, addresses, Social Security numbers, driver’s licenses and state ID numbers, passport numbers, medical treatment and diagnosis information, medical record details, health insurance and claims specifics and credit and debit card information. 

 

Rather than immediately alerting those affected that their sensitive information had been compromised, US Fertility waited more than two months before notifying fertility clinic patients in November 2020 that its systems had been hit by a ransomware attack, the complaint states. 

 

Stressed in the lawsuit is the particularly sensitive and private nature of the information of fertility clinic patients, who may be going through treatments to have a baby and reasonably expect their personal data to be protected and remain confidential. 

“Accordingly, this data security breach is particularly egregious to the victims identified herein,” the suit says.

 

The lawsuit pins blame for the data breach on US Fertility’s “carelessness and inadequate data security,” claiming fertility clinic patients have, as a result, lost “all sense of privacy.” Many proposed class members have suffered “irreparable harm” and now face an increased risk of identity theft and fraud due to the defendant’s “inadequate and laxed [sic] approach” to data security, the complaint alleges. 

 

According to the suit, proposed class members’ privacy rights were “disregarded” by US Fertility’s “reckless and/or negligent failure” to properly safeguard their data, as well as timely disclose the incident and the material fact that it did not have strong enough computer systems to protect patient information. Noted in the complaint is that US Fertility markets itself as providing “secure data management” services for fertility clinics. 

 

 

Source: ‘Particularly Egregious’: US Fertility Hit with Class Action Over Month-Long 2020 Data Breach