In February, HHS added an incident to their public breach tool involving Pennsylvania Adult & Teen Challenge, an addiction treatment center. In July, 2020, PPATC had discovered that an unauthorized individual had accessed some employee email accounts. A forensic investigation could not determine what information in those accounts had been accessed, and they wound up notifying 7,771 patients.
Now a potential class action lawsuit has been filed in Philadelphia County Court with Kris Reese of Reading and Todd Saylor of McClellandtown, Fayette County as named plaintiffs. Mike Urban of the Reading Eagle reports:
The center, which has three residential locations and seven outpatient centers across the state, did not take basic cybersecurity precautions that could have prevented the July 29, 2020, hack of some employee email accounts, and was then slow to inform clients their information had been stolen, the suit alleges.
The Reading Eagle describes the complaint as alleging that the entity was slow to notify patients, only sending a letter in March, more than two months after they had completed their internal review to identify who had data in the employees’ email account. Given that HHS was notified on February 7 and the entity’s notification is dated February 8, it is not clear why it took another month to mail the letters.
Read more on The Reading Eagle.