Class Actions

CarePartners Privacy Class Action —

This proposed privacy breach class action is brought against CarePartners/Community Nursing Services Foundation (“CarePartners”), on behalf of current and former CarePartners patients and staff whose personal information was compromised in a cyber attack that was reported on June 18, 2018.

Case Overview

Waddell Phillips Professional Corporation, along with Howie, Sacks & Henry LLP and Schneider Law Firm, have launched a proposed class action in relation to a privacy breach that was announced by CarePartners in June 2018.

The claim alleges that cyber attackers were able to exploit CarePartners’ inadequate and outdated security systems to access CarePartners’ computer network and extract data containing the personal information and personal health information of hundreds of thousands of CarePartners patients and staff (the “Breach”). The compromised information includes detailed medical records and financial information, as well as contact information, and information about patients’ daily lives, workplaces, families, and homes.

This proposed class action is brought on behalf of all persons, excluding CarePartners’ senior executives, officers and directors, whose Personal Information and/or Personal Health Information was accessed in the Breach. The claim alleges that CarePartners is liable for breach of privacy, breach of contract, negligence, and various breaches of various statutes.

There is no cost to participate in this class proceeding. The lawyers are working on a contingency fee arrangement, and will only be paid from the proceeds of the litigation, if successful.

The Cyber Breach at CarePartners

CarePartners is one of Ontario’s largest private healthcare services providers. It specializes in providing out-of-hospital care—including personal support care, nursing care, rehabilitation care, caregiver support, and palliative care—to patients at their homes, schools or workplaces. CarePartners provides its services to patients primarily as a partner of Ontario’s Local Health Integration Networks (“LHINs”), although it also runs its own network of clinics. In total, CarePartners had provided services to approximately 237,000 patients at the time of the Breach.

To carry out its work, CarePartners collects a large quantity of sensitive personal information, including personal health information, from its patients and their families, as well as sensitive personal information, including personal financial information, from its over 4,500 staff and contract workers.

On June 11, 2018, hackers informed CarePartners that they had penetrated CarePartners’ computer network, and used their unauthorized access to extract virtually all of the data on their servers dating back to 2010. They provided a sample of the stolen data to accompany their claim (which CarePartners verified as authentic), and demanded an undisclosed amount of money as ransom in exchange for not posting the stolen data online. CarePartners did not pay the ransom, and the hackers began approaching media outlets regarding the Breach, which included providing CBC News reporters with access to a large sample of the stolen data, which CBC News reported on here.

CarePartners did not provide individuals affected by the Breach with direct notice that the Breach had occurred until after the CBC News report. The notice that was provided did not explain how the Breach occurred, the scope of the data that was stolen, or what efforts CarePartners made to recover the data. To date, CarePartners has not provided affected individuals with any details regarding these important issues.


Contact Us

If you are a current or former patient, employee, or contractor of CarePartners, you may be eligible for compensation if the action is successful. For more information, or to ensure that you are provided with important notices about the class action as it progresses, please complete our secure online form under the “Ask a Question” Tab (above). Your information will be kept strictly confidential and will be used only to communicate with you, and to assist with the prosecution of the action.

Case Overview

Waddell Phillips Professional Corporation, along with Howie, Sacks & Henry LLP and Schneider Law Firm, have launched a proposed class action in relation to a privacy breach that was announced by CarePartners in June 2018.

The claim alleges that cyber attackers were able to exploit CarePartners’ inadequate and outdated security systems to access CarePartners’ computer network and extract data containing the personal information and personal health information of hundreds of thousands of CarePartners patients and staff (the “Breach”). The compromised information includes detailed medical records and financial information, as well as contact information, and information about patients’ daily lives, workplaces, families, and homes.

This proposed class action is brought on behalf of all persons, excluding CarePartners’ senior executives, officers and directors, whose Personal Information and/or Personal Health Information was accessed in the Breach. The claim alleges that CarePartners is liable for breach of privacy, breach of contract, negligence, and various breaches of various statutes.

There is no cost to participate in this class proceeding. The lawyers are working on a contingency fee arrangement, and will only be paid from the proceeds of the litigation, if successful.

The Cyber Breach at CarePartners

CarePartners is one of Ontario’s largest private healthcare services providers. It specializes in providing out-of-hospital care—including personal support care, nursing care, rehabilitation care, caregiver support, and palliative care—to patients at their homes, schools or workplaces. CarePartners provides its services to patients primarily as a partner of Ontario’s Local Health Integration Networks (“LHINs”), although it also runs its own network of clinics. In total, CarePartners had provided services to approximately 237,000 patients at the time of the Breach.

To carry out its work, CarePartners collects a large quantity of sensitive personal information, including personal health information, from its patients and their families, as well as sensitive personal information, including personal financial information, from its over 4,500 staff and contract workers.

On June 11, 2018, hackers informed CarePartners that they had penetrated CarePartners’ computer network, and used their unauthorized access to extract virtually all of the data on their servers dating back to 2010. They provided a sample of the stolen data to accompany their claim (which CarePartners verified as authentic), and demanded an undisclosed amount of money as ransom in exchange for not posting the stolen data online. CarePartners did not pay the ransom, and the hackers began approaching media outlets regarding the Breach, which included providing CBC News reporters with access to a large sample of the stolen data, which CBC News reported on here.

CarePartners did not provide individuals affected by the Breach with direct notice that the Breach had occurred until after the CBC News report. The notice that was provided did not explain how the Breach occurred, the scope of the data that was stolen, or what efforts CarePartners made to recover the data. To date, CarePartners has not provided affected individuals with any details regarding these important issues.


Contact Us

If you are a current or former patient, employee, or contractor of CarePartners, you may be eligible for compensation if the action is successful. For more information, or to ensure that you are provided with important notices about the class action as it progresses, please complete our secure online form under the “Ask a Question” Tab (above). Your information will be kept strictly confidential and will be used only to communicate with you, and to assist with the prosecution of the action.

The Statement of Claim was issued on September 11, 2020 and can be viewed under the “Documents” tab on this webpage.

Additional updates will be posted as the class action progresses.

 

We review every inquiry we receive and will respond promptly to case specific inquiries.

Contact us below and we’ll respond shortly.

Contact Us