The HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Avamere Holdings Facing Class Action Lawsuit Over 2022 Cyberattack

Posted By on Aug 30, 2022

The Wilsonville, OR-based home health care service provider and nursing home operator, Avamere Holdings, is facing a class action lawsuit over a major data breach that affected 96 senior living and healthcare facilities and resulted in the exposure of the protected health information of more than 380,000 individuals.

The breach occurred Avamere Health Services – a business associate of Avamere Holdings that provides information technology services. An unauthorized individual had access to the network of Avamere Health Services between January 19, 2022, and March 17, 2022, and exfiltrated files containing protected health information. While the nature of the attack was not disclosed, a ransomware group claimed credit for the attack and uploaded some of the stolen data to its data leak site.

The breach was reported to the Department of Health and Human Services as affecting 197,730 individuals, although some of the companies affected by the breach, such as Premere Infinity Rehab, issued their own breach notifications. At least 380,984 individuals are understood to have been affected by the data breach across more than 80 affiliated companies. Avamere Holdings has offered affected individuals complimentary credit monitoring services.

The class action lawsuit was filed by Portland, OR-based attorney, Nick Kahl, on behalf of a former Avamere employee, Kimberly Harvey Perry, who had her sensitive personal information exposed in the data breach.  The lawsuit alleges Avamere Holdings failed to implement adequate security measures to prevent cybercriminals from accessing and stealing sensitive employee data, despite being aware of the threat of cyberattacks due to many industry warnings.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

The lawsuit also takes issue with the delay in issuing notifications to affected individuals. The breach was detected on or around March 17, 2022, yet Avamere waited until July 13, 2022, to issue notifications to affected individuals. The lawsuit alleges the sensitive information of the plaintiff and class members is now in the hands of cybercriminals, including their names, contact information, Social Security numbers, bank account information, and health information and they now face an imminent and future risk of identity theft and fraud.

The plaintiff and class members are alleged to have suffered the loss of value of their private information, loss of benefit of their contractual bargain, and out-of-pocket expenses mitigating the effects of the attack and protecting against identity theft and fraud.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist