In a digital age where privacy is paramount, the alleged failure of TMG Health, Inc. to protect its clients' sensitive information has led to a lawsuit filed on September 6, 2023. The plaintiff, Tama Herman, has brought the case not only on her own behalf but also for all others similarly affected.
The story begins on June 23, 2023, when TMG Health, Inc., a health benefits management company, reportedly fell victim to a cyberattack. The perpetrators, according to the lawsuit, gained access to the company's inadequately protected network servers, obtaining highly sensitive personal health information (PHI) and personally identifiable information (PII) of Herman and other class members.
The lawsuit quotes, "Defendant failed to properly secure and safeguard the protected health information (PHI) and personally identifiable information (PII) of the plaintiff and class members stored within its information network." The consequences of such a breach can be far-reaching, with potential for misuse of this data leading to fraud, identity theft, and other forms of cybercrime.
However, what added salt to the wound was the alleged delay in TMG Health's response. The company discovered the breach on the same day it occurred, yet it took them two months, until August 24, 2023, to inform the victims. This delay, the lawsuit argues, prevented the victims from taking immediate steps to protect themselves from potential harm.
The lawsuit claims that TMG Health's actions, or lack thereof, violated several legal duties. The Health Insurance Portability and Accountability Act (HIPAA), for instance, requires entities like TMG Health to safeguard PHI and PII. Failure to do so can result in severe penalties. The company is also accused of violating various state and federal statutes, as well as common law principles.
Herman and the class members are seeking compensation for the actual damages they have suffered, including the loss and diminution in the value of their PHI/PII. They also seek recompense for the lost time, annoyance, and inconvenience caused by this incident, as well as for their increased concerns for privacy loss and potential misuse of their PHI/PII.
The lawsuit states, "Plaintiff and class members have suffered actual damages, including, but not limited to, the loss and diminution in the value of their PHI/PII, lost time, annoyance, interference, and inconvenience, increased concerns for their privacy and the potential misuse of their PHI/PII, and an increased risk of fraud, identity theft, and misuse of their PHI/PII."
This case serves as a stark reminder of the importance of data security in today's interconnected world. As the lawsuit progresses, it will be interesting to see how the court interprets the various laws and principles at play, and what this could mean for future cases of a similar nature.