This privacy breach class action is brought against 8262900 Canada Inc. o/a CarePartners (“CarePartners”), on behalf of current and former CarePartners patients and non-unionized staff whose personal information was compromised in a cyber-attack that was reported on June 18, 2018. The action was certified for the purposes of effecting a settlement on March 2, 2022.
Waddell Phillips Professional Corporation, along with Howie, Sacks & Henry LLP and Schneider Law Firm, brought this class action in relation to a privacy breach that was announced by CarePartners in June 2018.
The claim alleges that cyber attackers were able to exploit CarePartners’ inadequate and outdated security systems to access CarePartners’ computer network and extract data containing the personal information and personal health information of hundreds of thousands of CarePartners patients and staff (the “Breach”). The compromised information includes detailed medical records and financial information, as well as contact information, and information about patients’ daily lives, workplaces, families, and homes.
This class action is brought on behalf of all persons who were patients, non-unionized employees and contractors of CarePartners from January 1, 2010 to June 11, 2018, excluding CarePartners’ officers and directors, and unionized staff. The claim alleges that CarePartners is liable for breach of privacy, breach of contract, negligence, and breaches of various statutes.
This action has been settled, and the court has approved the settlement. Notice of the settlement will be published once the names of the affected individuals have been determined.
There is no cost to participate in this class proceeding. The lawyers are working on a contingency fee arrangement, and will be paid 20% of the proceeds of the settlement, as approved by the court.
The Cyber Breach at CarePartners
CarePartners is one of Ontario’s largest private healthcare services providers. It specializes in providing out-of-hospital care—including personal support care, nursing care, rehabilitation care, caregiver support, and palliative care—to patients at their homes, schools or workplaces. CarePartners provides its services to patients primarily as a partner of Ontario’s Local Health Integration Networks (“LHINs”), although it also runs its own network of clinics. In total, CarePartners had provided services to approximately 237,000 patients at the time of the Breach.
To carry out its work, CarePartners collects a large quantity of sensitive personal information, including personal health information, from its patients and their families, as well as sensitive personal information, including personal financial information, from its over 4,500 staff and contract workers.
On June 11, 2018, hackers informed CarePartners that they had penetrated CarePartners’ computer network, and used their unauthorized access to extract virtually all of the data on their servers dating back to 2010. They provided a sample of the stolen data to accompany their claim (which CarePartners verified as authentic), and demanded an undisclosed amount of money as ransom in exchange for not posting the stolen data online. CarePartners did not pay the ransom, and the hackers began approaching media outlets regarding the Breach, which included providing CBC News reporters with access to a large sample of the stolen data, which CBC News reported on here.
CarePartners did not provide individuals affected by the Breach with direct notice that the Breach had occurred until after the CBC News report. The notice that was provided did not explain how the Breach occurred, the scope of the data that was stolen, or what efforts CarePartners made to recover the data. To date, CarePartners has not provided affected individuals with any details regarding these important issues.
Contact Us
If you are a current or former patient, non-unionized employee, or contractor of CarePartners, you may be eligible for compensation if the action is successful. For more information, or to ensure that you are provided with important notices about the class action as it progresses, please complete our secure online form under the “Ask a Question” Tab (above). Your information will be kept strictly confidential and will be used only to communicate with you, and to assist with the prosecution of the action.
Waddell Phillips Professional Corporation, along with Howie, Sacks & Henry LLP and Schneider Law Firm, brought this class action in relation to a privacy breach that was announced by CarePartners in June 2018.
The claim alleges that cyber attackers were able to exploit CarePartners’ inadequate and outdated security systems to access CarePartners’ computer network and extract data containing the personal information and personal health information of hundreds of thousands of CarePartners patients and staff (the “Breach”). The compromised information includes detailed medical records and financial information, as well as contact information, and information about patients’ daily lives, workplaces, families, and homes.
This class action is brought on behalf of all persons who were patients, non-unionized employees and contractors of CarePartners from January 1, 2010 to June 11, 2018, excluding CarePartners’ officers and directors, and unionized staff. The claim alleges that CarePartners is liable for breach of privacy, breach of contract, negligence, and breaches of various statutes.
This action has been settled, and the court has approved the settlement. Notice of the settlement will be published once the names of the affected individuals have been determined.
There is no cost to participate in this class proceeding. The lawyers are working on a contingency fee arrangement, and will be paid 20% of the proceeds of the settlement, as approved by the court.
The Cyber Breach at CarePartners
CarePartners is one of Ontario’s largest private healthcare services providers. It specializes in providing out-of-hospital care—including personal support care, nursing care, rehabilitation care, caregiver support, and palliative care—to patients at their homes, schools or workplaces. CarePartners provides its services to patients primarily as a partner of Ontario’s Local Health Integration Networks (“LHINs”), although it also runs its own network of clinics. In total, CarePartners had provided services to approximately 237,000 patients at the time of the Breach.
To carry out its work, CarePartners collects a large quantity of sensitive personal information, including personal health information, from its patients and their families, as well as sensitive personal information, including personal financial information, from its over 4,500 staff and contract workers.
On June 11, 2018, hackers informed CarePartners that they had penetrated CarePartners’ computer network, and used their unauthorized access to extract virtually all of the data on their servers dating back to 2010. They provided a sample of the stolen data to accompany their claim (which CarePartners verified as authentic), and demanded an undisclosed amount of money as ransom in exchange for not posting the stolen data online. CarePartners did not pay the ransom, and the hackers began approaching media outlets regarding the Breach, which included providing CBC News reporters with access to a large sample of the stolen data, which CBC News reported on here.
CarePartners did not provide individuals affected by the Breach with direct notice that the Breach had occurred until after the CBC News report. The notice that was provided did not explain how the Breach occurred, the scope of the data that was stolen, or what efforts CarePartners made to recover the data. To date, CarePartners has not provided affected individuals with any details regarding these important issues.
Contact Us
If you are a current or former patient, non-unionized employee, or contractor of CarePartners, you may be eligible for compensation if the action is successful. For more information, or to ensure that you are provided with important notices about the class action as it progresses, please complete our secure online form under the “Ask a Question” Tab (above). Your information will be kept strictly confidential and will be used only to communicate with you, and to assist with the prosecution of the action.
A Settlement Has been Reached
The parties have negotiated a settlement of this class action, and it was approved by the court on March 2, 2022. A copy of the Settlement Agreement can be viewed under the “Documents” tab on this webpage.
The Terms of the Settlement
Under the terms of the settlement, CarePartners paid $3.44 million to fully and finally settle the action, all inclusive. In return, CarePartners received a full and final release from the Class.
The total amount that has been paid to each qualifying Affected Class Members who made claims by the claims deadline was $245, which was their pro-rata share of the net settlement fund after deducting legal fees, administration costs and the honoraria payable to the Plaintiffs.
An honorarium was paid to each of the representative plaintiffs, Mr. Redublo and Ms. Moher, for the work that they did, and the risks they assumed in prosecuting this action.
Class Members do not receive an honorarium. Qualifying Affected Class Members have been paid their pro-rata portion of the net settlement fund.
Affected Class Members are those people whose data was released to the CBC by the hackers.
None of the data produced to CBC has been released by it, and the data has been kept in a secure, off-line location; but the data was reviewed by CBC reporters.
If you made a claim and have not received the settlement payment, please contact the claims administrator:
Trilogy Class Action Services c/o CarePartners Class Action Settlement
117 Queen Street, PO Box 1000,
Niagara-on-the-Lake ON L0S 1J0
Email: claims@trilogyclassactions.ca
Legal Fees will be Paid from the Settlement Fund
The court has approved fees to be paid to Class Counsel from the settlement fund totalling 20% of the settlement fund, plus disbursements and taxes. The costs of administering the settlement will also be paid from the settlement fund. There is no other cost to the class to participate in the class action.
We review every inquiry we receive and will respond promptly to case specific inquiries.
Contact us below and we’ll respond shortly.