A Vilonia, Arkansas, man is suing AllCare Pharmacy in the aftermath of a cyberattack on the Arkadelphia-based pharmacy.
In a 46-page Class Action complaint filed in May 2024 the Thrash Law Firm of Little Rock, on behalf of plaintiff Jason Metzner, outlined the grounds on which the lawsuit was filed. The suit claims that Metzner could be among many other potential plaintiffs whose personal information, including their Social Security and credit card numbers, was compromised.
The suit claims that AllCare’s “inadequate safeguarding” of plaintiffs’ protected health information was cause for the breach.
AllCare, a limited liability company, is a closed-door pharmacy that provides pharmaceutical assistance to nursing homes, correctional facilities and specialty pharmacy.
Although it’s not known when the breach began, in September 2023 AllCare detected a cybersecurity incident in which a third party gained access to its network. The lawsuit notes that AllCare waited seven months until it notified those affected by the breach — potentially including past and present employees in addition to its customers.
Lorenz, a notorious ransomware group, is believed to be responsible for the cyberattack on AllCare. The Lorenz group is reportedly infamous for harvesting personal data and publishing the stolen information to the Dark Web to extort its victims to pay a ransom or sell the data to other threat actors.
The lawsuit alleges that AllCare failed to comply with Federal Trade Commission guidelines as well as industry standards, and that HIPAA violations were an effect of the breach. Metzner is suing on grounds of negligence, breach of implied contract, invasion of privacy, breach of fiduciary duty and unjust enrichment.
AllCare’s legal counsel has yet to respond to the complaint in court, and had no comment at the time of this writing.
Discover more from
Subscribe to get the latest posts sent to your email.
