SPRINGFIELD, MA — A woman has filed a class action lawsuit against Gándara Mental Health Center after a cyberattack compromised the personal information of more than 20,000 current and former clients. The breach, which occurred on June 20, 2024, led to the exposure of sensitive data such as names, addresses, driver’s license numbers, Social Security numbers, birthdates, medical treatment details, and health insurance information.
The Lawsuit and Allegations
Wanda Delrio, a Springfield resident, filed the lawsuit in Hampden Superior Court, alleging that Gándara failed to adequately protect the private information of its clients from cybercriminals. The lawsuit asserts that Gándara’s negligence in safeguarding the data made it vulnerable to the attack.
“Defendant maintained the private information in a reckless manner. In particular, the private information was maintained on defendant’s computer network in a condition vulnerable to cyberattacks,” the lawsuit claims. The legal action is seeking to hold the center accountable for failing to protect its clients’ sensitive information.
The Breach and Its Implications
According to Gándara’s official notice, the breach impacted both current and former clients of the mental health center. The cyberattack exposed a range of sensitive personal information that could make individuals vulnerable to identity theft and fraud.
The lawsuit highlights the heightened risk of fraud, stating that affected clients are now at increased risk of identity theft and will need to monitor their financial accounts closely. The claim also emphasizes the potential for long-term consequences, as clients may need to continue monitoring their accounts for years to come.
While the center has not reported any known misuse of the compromised information, it has taken steps to mitigate the effects of the breach. Gándara notified the Federal Bureau of Investigation (FBI) and is cooperating with authorities to identify and hold the perpetrators responsible. Additionally, the center has informed the U.S. Department of Health and Human Services (HHS) and consumer reporting agencies about the breach, as required by law.
Gándara’s Response
In response to the incident, Gándara Mental Health Center has taken several measures to prevent future breaches. The agency has published a detailed notice on its homepage outlining the breach and the actions it is taking to protect clients’ data moving forward.
To assist affected individuals, Gándara has set up a toll-free call center where clients can seek further information or report concerns. The center’s hotline number is 1-877-829-4296.
Legal and Regulatory Requirements
Under U.S. health regulations, healthcare agencies that experience a data breach involving 500 or more individuals are required to report the incident to the HHS Secretary within 60 days of discovering the breach. Gándara complied with this regulation by notifying the relevant authorities about the breach and taking the necessary steps to address the situation.
The lawsuit continues as part of an effort to ensure compensation and accountability for those impacted by the breach. Clients of Gándara are advised to monitor their financial information closely and take necessary steps to protect their identities from potential misuse.
Related Topics:
