CHSPSC, LLC. Data Breach Class Action

In re: Community Health Systems, Inc. Data Security Litigation

Case type: Public Interest Litigation

Filed in: U.S. District Court for the Middle District of Tennessee

Docket: Master case no. 3:23-cv-00285

Case Summary

Sanford Heisler Sharp has partnered with Barnow and Associates to file a class complaint in the U.S. District Court for the Middle District of Tennessee alleging that the CHSPSC, LLC (“CHSPSC”) failed to safeguard the personally identifying information (“PII”) and personal health information (“PHI”)—including names, Social Security numbers, addresses, dates of birth, medical billing information and diagnoses, and insurance and prescription information—of over a million individuals, including current and former patients and employees of hospitals or clinics serviced by or affiliated with CHSPSC (the “Proposed Class”). CHSPSC provides management services to hospitals and clinics associated with Community Health Services, Inc. (“CHS”)—one of the largest hospital networks in the Unites States.

The Complaint describes how CHSPSC failed to implement and maintain reasonable and appropriate data privacy and security measures to protect the Proposed Class’s PII/PHI. CHSPSC contracts with Fortra, a cybersecurity firm, for the use of “GoAnywhere,” a file transfer software that CHSPSC uses to upload, store, transfer, and access the Proposed Class’s PII/PHI. Between January 28, 2023 and January 30, 2023, unauthorized individuals exploited a vulnerability to gain access to Fortra’s GoAnywhere, compromising the Proposed Class’s PII/PHI and exposing the Proposed Class to a host of risks, including fraud, identity theft, insurance complications, negative financial repercussions, long term credit problems, and invasion of privacy. The Proposed Class seeks relief, including actual damages, statutory damages, punitive damages, restitution, and disgorgement, as well as appropriate injunctive relief designed to prevent CHSPSC from experiencing another data breach by adopting and implementing best data security practices to safeguard PII/PHI and to provide or extend credit monitoring services and similar services to protect against all types of identity theft and medical identity theft.

Plaintiffs Lola Tatum, Richard Walck, and Glenda G. Corn filed the Complaint against CHSPSC on behalf of themselves and the Proposed Class on April 26, 2023. On May 19, 2023, the Court consolidated the Complaint with five other related actions and appointed Sanford Heisler Sharp Co-Vice Chairman Kevin Sharp, along with Ben Barnow, Bart D. Cohen, and Benjamin F. Johns, as Interim Co-Lead Class Counsel.

Procedural History

Attorneys Involved in the Case