Personal Touch and Crossroads Technologies sued after Maze Team attack
As reported by TopClassActions:
A former patient says that home health provider Personal Touch failed to protect patients and customers from a ransomware attack on their computerized records.
The hospital ransomware class action lawsuit was filed by plaintiff Lugenia Booker, who says that her personal information was included in the computer records of Personal Touch Holding Corp. Personal Touch runs a group of subsidiaries nationwide that provide home health care services in a range of states. Co-defendant Crossroads Technologies manages Personal Touch’s sensitive information in cloud-based computer storage, the complaint says.
The Personal Touch Ransomware Class Action Lawsuit is Case No. 1:20-cv-00583-CCC, in the U.S. District Court for the Middle District of Pennsylvania, Reading Division.
DataBreaches.net has reported on the Crossroads Technologies/Personal Touch breach several times since January. Booker’s complaint appears to be pretty much boilerplate language. I didn’t find any specific details in it that would support some of the claims. But what we are seeing more and more seems to be the argument that an entity is guilty of negligence because they had a breach even after the FBI and/or HHS warned entities about the increased risk of breaches of this kind, etc. That argument seems to assume that knowing you are at risk means you can do something to actually prevent a breach and are somehow negligent if you didn’t prevent it. That’s an untenable position, or should be. Did Crossroads Technologies make mistakes or fail to update and patch promptly, resulting in the breach or contributing to it? We don’t know at this point. So far, the biggest mistake I think Personal Touch made is that they don’t appear to have offered those affected any credit monitoring and identity theft restoration services. Given that they know that some data was dumped publicly and that they know Maze acquired even more data than was dumped, why didn’t they offer those affected any services?
This is not the only federal case in which Lugenia Booker is a plaintiff. Her name also appears in dockets for two cases in the Southern District of New York for litigation stemming form 9/11. Those cases are still open.