Privacy Class Action Launched Against CarePartners

Howie, Sacks & Henry LLP, Waddell Phillips PC and Schneider Law Firm have joined forces to launch a class action against CarePartners arising out of a cyber-attack in June 2018.

The action seeks compensation on behalf of current and former CarePartners patients and staff whose personal information was implicated in the cyber-attack. The action alleges that cyber hackers were able to exploit CarePartners’ inadequate and outdated security systems to access CarePartners’ computer network and as a result the personal information of patients and staff held in that system were inappropriately accessed by the hackers.

The personal information included detailed medical records, financial information, and contact information, along with information about patients’ daily lives, workplaces, families and homes.

Updates

The Facts

CarePartners is one of Ontario’s largest private healthcare services providers. It specializes in providing out-of-hospital care to patients at their homes, schools, or workplaces, including personal support care, nursing care, rehabilitation care, caregiver support and palliative care. CarePartners provides its services to patients primarily as a partner of Ontario’s Local Health Integration Networks and runs its own network of clinics.

At the time of the cyber-attack, CarePartners had provided services to approximately 237,000 patients, and held substantial amounts of sensitive personal health information for each one of those patients, as well as personal information, from its over 4,500 staff and contract workers.

On June 11, 2018, hackers informed CarePartners that they had accessed the CarePartners network and extracted data from its servers. The hackers attached a sample of CarePartners patient and employee data, which CarePartners verified to be authentic data that had resided on its servers. The hackers demanded undisclosed amounts of money from CarePartners as a ransom in exchange for the hackers not posting or selling the data online. CarePartners did not pay the ransom, and the hackers began approaching media outlets regarding the breach, which included providing CBC News reporters with access to a large sample of the stolen data.

CarePartners did not provide individuals affected by the cyber-attack with direct notice that the attack had occurred until after the CBC News report. The notice that was provided did not explain how the breach occurred, the scope of the data that was stolen, or what efforts CarePartners made to recover the data. To date, CarePartners has not provided affected individuals with any details regarding these important issues.

The Law

According to the law, CarePartners owes a duty of care to its patients and staff and is obliged to maintain confidentiality and protect the privacy of its patients and staff’s personal information.

Every patient and staff of CarePartners has the reasonable expectation that their right to privacy and confidentiality will be respected. That means their personal information will not be disclosed to the public or to any unauthorized individuals without their express consent. It also means that CarePartners will have appropriate safeguards to protect against a cyber-attack and to limit the exposure even in the case of a successful cyber-attack.

The lawsuit alleges that by CarePartners failure to have proper security protections in place to protect the highly sensitive information of its patient and staff, those expectations were not met, and that CarePartners breached the privacy rights of its patients and staff.

The Proposed Class Proceeding

This proposed class action is brought on behalf of all persons, excluding CarePartners’ senior executives, officers and directors, whose personal information was accessed in the cyber-attack. The claim alleges that CarePartners is liable for breach of privacy, breach of contract, negligence, and various breaches of various statutes.

Contact Us

If you are a current or former patient, employee, or contractor of CarePartners, you may be eligible for compensation for the damages you suffered due to the cyber-attack. To identify yourself as a potential member of this class action and for more information, please contact our team at 1-877-771-7006 or email Paul Miller directly at pmiller@hshlawyers.com or email Christine Sesek directly at csesek@hshlawyers.com. There is no cost to you to participate as a class member in this proposed class action. The lawyers are working on a contingency fee arrangement, and will only be paid from the proceeds of the litigation, if it is successful.

Tell Us What Happened.

Our team of highly-trained lawyers are here to listen and help.

Call

We’re available 24/7 for a free consultation.

FIRST TIME CALLERS
CURRENT CLIENTS

Live Chat

From the comfort of your phone, tablet or computer we’re available 24/7.

Online Form

Complete our online form and we’ll get back to you within one business day.

Demystifying the complex and sometimes overwhelming world of personal injury law.

Among the best in Canada

Since 2011 Canadian Lawyer Magazine rated us one of the top personal injury law firms in Canada. Why? With close to 20 years helping accident victims and their families, our firm understands the laws that affect your rights to compensation because we’ve helped shape those laws in favour of accident victims.

Among the best in Canada

Since 2011 Canadian Lawyer Magazine rated us one of the top personal injury law firms in Canada. Why? With close to 20 years helping accident victims and their families, our firm understands the laws that affect your rights to compensation because we’ve helped shape those laws in favour of accident victims.