Horizon Healthcare Services Inc., which does business as Horizon Blue Cross Blue Shield of New Jersey, has been hit with a class action lawsuit in New Jersey federal court over the November 2013 theft of two unencrypted laptop computers that contained the personal information for more than 839,000 policyholders.
Plaintiffs Karen Pekeney and Mark Meisel filed the class action lawsuit on Wednesday, claiming that Horizon failed to adequately safeguard its policyholders’ sensitive personal identifiable information (PII) and protected health information (PHI). PII includes (but is not limited to) the names, birthdates, Social Security numbers and addresses of the policyholders. PHI includes the medical history, demographic information, insurance information and other data collected by health care professionals.
According to the class action lawsuit, two unencrypted laptop computers were stolen from Horizon’s headquarters in Newark, N.J. in November 2013. In December, the plaintiffs received letters informing them that their PII and PHI may have been contained on the stolen laptops. Horizon’s website reported that more than 839,000 members were sent letters regarding the data breach.
The plaintiffs allege that this data breach was preventable. The class action lawsuit refers to a similar theft that took place in January 2008. At that time, a laptop containing the PII of approximately 300,000 members was stolen from a Horizon employee’s residence. Subsequently, government officials began an investigation into Horizon’s data protection practices. In response, Horizon claimed that it had begun encrypting all laptops, desktops and portable media devices and anticipated that this process would be complete in March 2008.
“Because of the 2008 laptop theft and ensuing public concern, Defendant assuredly knew the risks involved in maintaining sensitive member PII and PHI on unencrypted laptops and indeed publicly stated it would change its practices; nonetheless, Defendant continued to store such sensitive material in an unsafe manner,” the class action lawsuit says.
According to the class action lawsuit, the stolen laptops had only been “cable-locked” to employee workstations, which the plaintiffs allege are “easily defeated” with office supplies and other common items. Although the stolen laptops were reportedly password-protected, they were unencrypted. The plaintiffs argue that encryption is the only effective way to protect sensitive data.
The plaintiffs filed the class action lawsuit on behalf of themselves and all other individuals who enrolled in Horizon’s health insurance plans on or before Nov. 3, 2013 and whose data was compromised by the laptop theft. They accuse Horzion of negligence, breach of contract, and violations of the Fair Credit Reporting Act and the New Jersey Consumer Fraud Act.
The plaintiffs are represented by William J. Pinilis, Robert N. Kaplan, David A. Straite and Lauren I. Dubick of Kaplan Fox & Kilsheimer LLP.
The Horizon Blue Cross Data Breach Class Action Lawsuit is Karen Pekelney, et al. v. Horizon Healthcare Services Inc., Case No. 2:14-cv-00548, in the U.S. District Court for the District of New Jersey.
Top Class Actions is a Proud Member of the American Bar Association
LEGAL INFORMATION IS NOT LEGAL ADVICE
©2008 – 2014 Top Class Actions® LLC
Various Trademarks held by their respective owners