Class Action Lawsuit Filed Against SuperCare Health Over July 2021 Data Breach


On Wednesday, Harmon Cottrell filed a class action lawsuit in the Central District of California against Super Care, Inc. alleging that it failed to properly secure and safeguard its patients’ personally identifiable information (PII) and protected health information (PHI).

According to the complaint, Super Care Inc. is a California corporation doing business as SuperCare Health, Inc. and is a leading in-home respiratory care provider in the Western U.S. with the goal “to be the most trusted partner managing high-risk respiratory diseases combining both in-home, high-touch care with telehealth and remote monitoring.” Further, as a corporation  doing business in California, Super Care  is  legally required to protect PII and PHI from unauthorized access and exfiltration. 

The complaint purports that from July 23, 2021 to July 27, 2021, a third unknown party gained access to certain systems on the defendant’s network leading to a data breach. The complaint states that the breach affected nearly 318,400 current and former patients of Safe Care and the plaintiffs’ PII and PHI were potentially compromised by the data breach including.

The complaint states that despite Safe Care being aware of the data breach on July 27, 2021, Safe Care did not report the breach to the Health and Human Services Office of Civil Rights until March 28, 2022 and did not inform the plaintiffs of the breach until March 25, 2022. The plaintiffs allege that the defendant failed to explain why it failed to prevent the data breach nor why it failed to inform the plaintiffs of the breach for nearly eight months. 

The plaintiffs argue that the defendant failed to properly safeguard and protect their PII and PHI and provide reasonable and adequate data security in compliance with California law and the defendant’s required standard of care. Additionally, the plaintiffs state that their PHI is highly coveted and protected under the Health Insurance Portability and Accountability Act (HIPAA), and the defendant’s negligence has caused the plaintiffs’ PHI to be compromised in violation of HIPQA.

The complaint argues that Safe Care was obligated under California law, HIPAA, contract law, industry standards, common law and its own representation made to the plaintiffs to keep their PII and PHI confidential. The plaintiffs further argue that the data breach has put the plaintiffs in iminent, immediate and continuing increased risk of harm from identity theft and fraud. 

Accordingly, the plaintiffs filed the present suit alleging violations of California’s Confidentiality of Medical Information Act, California’s Consumer Records Act and California Unfair Competition Law, negligence, negligence per se, breach of implied contract and invasion of privacy. For the alleged causes of action, the plaintiffs seek class certification, compensatory, special and economic damages and prejudgment interest. The plaintiffs are represented by Lebe Law, APLC