Online pharmacy PostMeds Inc. has been hit with a class action lawsuit over a data breach that allegedly exposed patient information.
The lawsuit, filed in U.S. District Court for the Northern District of California, cites PostMeds' "negligent failure to implement and maintain reasonable cybersecurity procedures," which allegedly allowed the data breach to occur over a four day period in late August and early September.
The company "collects, stores, and processes sensitive personal data for thousands of individuals, including ... employees, patients, members and customers," the lawsuit states. "In doing so, PMI retains sensitive information including ... bank account information, health care related information, addresses, and Social Security numbers, among other things."
The company knew it was a target for hackers because of the amount of sensitive personal information that it processes, the suit alleges.
"Despite knowing the prevalence of data breaches, PMI failed to prioritize data security by adopting reasonable data security measures to prevent and detect unauthorized access to its highly sensitive systems and databases," the lawsuit states. "PMI has the resources to prevent a breach, but
neglected to adequately invest in data security, despite the growing number of well-publicized breaches."
The company also failed to test and analyze its systems to adequately protect customer data, the suit says.
The plaintiffs seek compensatory, consequential, general, and money damages of more than $5 million.
They are represented by attorneys Jason M. Wucetich and Dimitrios V. Korovilas, of Wucetich & Korovilas LLP, of El Segundo.
Garcia v. Postmeds Inc., U.S. District Court for the Northern District of California, 4:23-cv-05726