[BreachExchange] Class action commenced against CarePartners over privacy breach affecting hundreds of thousands of Ontarians

[Destry Winant]

https://finance.yahoo.com/news/class-action-commenced-against-carepartners-155900842.html

Waddell Phillips PC, Schneider Law Firm PC, and Howie Sacks & Henry
LLP have commenced a proposed class action on behalf of the hundreds
of thousands of Ontarians whose personal information was compromised
in the 2018 CarePartners privacy breach.

CarePartners has an estimated 237,000 patients across Ontario, and is
a home healthcare service provider partner of the Local Health
Integration Network provincial health authorities.

On June 18, 2018, CarePartners announced that it had been subject to a
hack and privacy breach involving employee and patient information.
Subsequently, the cyber attackers who claimed responsibility for the
hack announced that they had been able to steal virtually all of the
data on CarePartners’ servers, including full employee records and
medical files for CarePartners patients. They claimed that
CarePartners was utilizing vulnerable software that had not been
updated in years, and had failed to encrypt any of the data on their
servers.

CarePartners did not notify its patients about the breach until after
a national news broadcast revealed that the hackers had provided
reporters with stolen copies of private health records for thousands
of CarePartners’ patients.

Cyber attacks on healthcare providers have become increasingly common.
The need to be hyper-vigilant and to ensure that security measures are
current is the expected standard.

“That none of the data extracted by the cyber attackers was encrypted
demonstrates just how unprepared CarePartners was to meet the bare
minimum of cyber security standards. Consistently updated information
protection tools, including strong encryption, are essential in
today’s rapidly evolving technological world,” said Cary Schneider, a
founding partner at Schneider Law Firm PC and cyber breach specialist.

“Personal health information is the most sensitive type of personal
information, and corporations that store personal health information
must meet correspondingly high privacy protection standards.
CarePartners failed to do that, and its patients and employees paid
the price,” says Paul Miller, a partner at Howie Sacks & Henry LLP who
specializes in class actions and mass torts.

The class action team is being led by Margaret Waddell, founding
partner of Waddell Phillips PC, who is recognized by multiple lawyer
ranking agencies as a leader in plaintiff-side class actions, and has
acted as class counsel on a number of prominent cases. Waddell says,
“CarePartners’ lack of transparency regarding the breach and the
efforts it has made to retrieve and protect its clients’ most
sensitive health information is egregious. Clients have a right to
know what has happened to their health records, and why they were not
properly protected.”

Further information regarding the proposed class action will be posted
as it becomes available at
https://waddellphillips.ca/class-actions/carepartners-class-action.