July 9, 2015 – Mintz & Geftic has filed a class action lawsuit against Horizon alleging that Horizon failed to safeguard its customers’ sensitive personal information, including their protected health information as defined by the Health Insurance Portability and Accountability Act (“HIPAA”), Social Security numbers, names, dates of birth, mailing addresses, demographic information, medical records, and health insurance identification numbers (collectively, their “Sensitive Data”). As a healthcare insurance provider, Horizon is required to protect its customers’ Sensitive Data by adopting and implementing the specific data security regulations and standards set forth under HIPAA. Many of these same data security protection practices are mandated by industry-standard data protection protocols.
The lawsuit alleged that Horizon promised to protect its customers’ Sensitive Data by adopting and implementing the specific data security regulations mandated by HIPAA and industry standards. The plaintiffs in the lawsuit allege that because Horizon expects and requires its customers to pay for their healthcare insurance services – which includes the protection of their Sensitive Data – a portion of the fees that Horizon charges and collects from its customers is allocated to implementing those data security practices.
The Plaintiff in the case alleges that Horizon continued to charge its customers and accept money for these services, even though it did not provide its customers with the entirety of the services they paid for. Specifically, the lawsuit alleges that Horizon breached its promises (and implied obligations) to its customers by maintaining their Sensitive Data in electronic databases that lacked crucial—and statutorily required—data security measures and protocols.
In November 2013, two unencrypted laptop computers containing the Sensitive Data of over 800,000 of Horizon customers were taken from Horizon’s Newark headquarters. The class action claims that by maintaining its customers’ Sensitive Data in electronic databases (i.e., laptop computers) that lacked even basic security measures and industry standard data protections, Horizon broke its promises and contractual obligations with its customers and, thanks to this lax security, jeopardized hundreds of thousands of its customers’ Sensitive Data. A copy of the complaint is available here.
If you were a Horizon customer before November 2013 and received a letter from Horizon indicating that your personal information may have been stolen, you should contact Bryan H. Mintz.0