A patient filed a class-action lawsuit Nov. 29 against Solara Medical Supplies, claiming his personal and medical information is at risk after a data breach at the device company, according to GovInfoSecurity.
In November, Solara notified more than 114,000 patients of a cybersecurity incident. The devicemaker said that in June it discovered an unauthorized third-party had gained access to employees' emails. The unauthorized person had access to the email accounts between April 2 to June 20.
Patient data that may have been exposed in the data breach included names, addresses, dates of birth, Social Security numbers, employee identification numbers, medical information, health insurance information, financial information, credit or debit card information, driver’s license or state identification numbers, passport information, account login information, billing or claims information, and Medicare or Medicaid identification numbers.
Juan Maldonado, the patient who filed the lawsuit, claims that his data "is now in the hands of cybercriminals … [putting him] imminently at risk of crippling identity theft and fraud," according to GovInfoSecurity.
Additionally, the lawsuit claims Solara didn't notify patients in a timely manner about the breach.
"Despite knowing many patients were in danger, the defendant did nothing to warn breach victims until over four months later. During that time, the cybercriminals had free reign to defraud their unsuspecting victims," the lawsuit alleges.
Mr. Maldonado is seeking "appropriate monetary relief, including actual damages, punitive damages, attorney fees and such other and further relief as is just and proper."