Top Class Actions’s website and social media posts use affiliate links. If you make a purchase using such links, we may receive a commission, but it will not result in any additional charges to you. Please review our Affiliate Link Disclosure for more information.
A $110 million class action lawsuit has been lodged against CarePartners, a community nursing services corporation, after an alleged data breach exposed the personal and health information of patients and employees.
Lead plaintiff, Arthur Redublo, says that hackers managed to access both personal and health information about patients, as well as employee information from CarePartners’ computer network in 2018. The class action lawsuit Canada alleges that this information was “exfiltrated” on or around June 18, 2018.
According to the complaint, Arthur, a resident of Pickering, Ontario, was a patient of CarePartners in 2013 when he was recovering from an injury. He believes that his personal and health information was exposed in the 2018 data breach.
CarePartners Allegedly Refused to Pay Ransom
The data breach class action lawsuit alleges that CarePartners’ computer network was accessed by hackers in 2018. According to the complaint, after the breach the hackers ransomed the data, demanding money from the healthcare company to avoid having the data sold or posted online.
The plaintiff claims that CarePartners refused to pay the ransom and, as a result, his and other CarePartners’ patient and employee data was posted online. Not only was the data posted online, but CarePartners allegedly failed to inform its employees or patients affected by the breach until months later.
CarePartners Data Breach May Affect Hundreds of Thousands
The data breach class action lawsuit notes that CarePartners is one of Ontario’s largest private providers of healthcare services in Ontario. CarePartners’ services include out-patient care in people’s homes, schools, and offices. The company provides nursing, personal support, caregiver support, rehabilitation, and palliative care services, according to the complaint.
CarePartners employs approximately 4,500 people, says the plaintiff, and has provided care to an estimated 237,000 patients. As a result, the company allegedly collected and used “substantial amounts” of sensitive information about both groups.
“CarePartners was, and is, obliged to secure and safeguard the employee and patient Personal Information in its custody or control, much of which was stored electronically on CarePartners’ computer network,” contends the complaint. “It was, and is, obliged to take reasonable steps to ensure that Personal Health Information in its custody or control is not accessed or disclosed without authority, including being protected against theft or loss, and to ensure that records containing Personal Health Information are protected against unauthorized copying, modification or disposal.”
Cyber Security Measures Fail
According to the plaintiff, because of the extent of the personal and health information held by the company, CarePartners was “obliged to have effective, current and robust cyber security protective measures in place.” The data breach class action lawsuit argues that the ease at which third party hackers were able to access CarePartners’ data was evidence of its wholly inadequate security measures.
“[CarePartners’] cyber security protective measures, if any, were antiquated, inadequate, unreasonable, and readily penetrable by third parties,” states the complaint. “CarePartners even failed to encrypt the Personal Information stored on its computer network, which was a patent breach of the relevant standard of care that it was obliged to meet to protect the Class Members’ privacy.”
CarePartners Fails to Protect, Inform Patients, Employees of Breach
In addition to failing to protect the personal and health information in its care, CarePartners also allegedly failed to stop the hackers from posting this data online. According to the plaintiff, the hackers demanded a ransom in exchange for not posting CarePartners’ patient and employee data online. CarePartners refused to pay the ransom.
According to the CarePartners class action lawsuit, the plaintiff and others whose information was exposed were not informed that their personal and patient information had been posted online until months later.
“Rather than provide the affected individuals with timely disclosure of the relevant facts of the Breach, CarePartners did not notify the Class of the Breach until months after the Breach occurred, and not until after portions of the Breach data, including the plaintiff’s medical records, were leaked to the media,” alleges the complaint. “The failure to provide timely notice of the Breach to the Class exacerbated the risks and dangers to the Class arising from them having been the victims of a privacy breach”
The proposed class action lawsuit seeks to represent two subclasses: First, patients of CarePartners whose information was disclosed in the breach. Additionally, the plaintiff wishes to represent employees who were allegedly exposed in the breach.
In addition to $110 million in damages, the CarePartners data breach class action lawsuit is seeking court declarations that the company breached the privacy rights of Class Members under health privacy laws and violated the Consumer Protection Act.
Ransomware, Data Breach Attacks Plague Canada
CarePartners is far from the first entity in Canada to be targeted by a data breach and ransomware attack and accused of failing to protect user data. Recently, an American financial software company was hit with a class action lawsuit after it was targeted by cybercriminals in a 2020 data breach.
Even the RCMP has been targeted by hackers. A group of activists reportedly accessed internal emails, memos, and other data from the police agency.
Was your personal and/or health information exposed in the CarePartners data breach? We want to know what you think about the class action lawsuit allegations! Tell us in the comment section below.
The lead plaintiffs and proposed Class Members are represented by Margaret L. Waddell and Tina Q. Yang of Waddell Phillips Professional Corporation, Paul Miller and Christine Sesek of Howie, Sacks & Henry LLP, and Cary Schneider and Adam Warner of Schneider Law Firm.
The CareParters Data Breach Class Action Lawsuit is Redublo v. CarePartners/Community Nursing Services Foundation, Case No. CV-20-00647324-00CP, in the Ontario Superior Court of Justice, Canada.
Read More Lawsuit & Settlement News:
Canada’s Largest Sperm Bank Faces Lawsuits For Misleading Families About Donor
Canadian Families Seek Justice for Victims of the Beirut Explosions
Long-Term Disability Lawyer | Insurance Claim Denial Help
Pandemic Business Interruption Insurance Canada Potential Lawsuit
ATTORNEY ADVERTISING
Top Class Actions is a Proud Member of the American Bar Association
LEGAL INFORMATION IS NOT LEGAL ADVICE
Top Class Actions Legal Statement
©2008 – 2024 Top Class Actions® LLC
Various Trademarks held by their respective owners
This website is not intended for viewing or usage by European Union citizens.
3 thoughts onCarePartners Targeted in Class Action Lawsuit After Data Breach
I worked for this company can I be apart of this as well
i work for this company can I be part of the class action?
Also carepartners has told its Belleville mangers that we are not getting any gift card this year because carepartners cant afford to because of this class action lawsuit. cheap.
Not only did they not inform the clients they refused to answer employee questions concerns .They were offered to pay for the data and were warned the data would be leaked, they chose to leak data by refusifng to pay. In other countries hospitals have been hacked and have payed.
i work for this company can i be part of the class action?
also carepartners has told its belleville mangers that we are not getting any gift card this year because carepartners cant afford to because of this class actio lawsuit.
not only did they not inform the clients they refused to answer employee questions concers .they were offered to pay for the data and were warned th edata would be leaked. they chose to leak data by refusifng to pay. in other countries hospitals have been hacked and have payed.