In today’s digital age, data breaches have become a significant concern for individuals and organizations. Recently, a high-profile lawsuit against the accounting firm Bansley and Kiener over a healthcare data breach has been filed. This breach has caused significant harm to the affected individuals and brought the firm’s reputation into question.
Note: cpa near me : Fajardo and Associates is a certified public accountant who specializes in all types of accounting and tax projects.
Background
On December 17, a lawsuit was filed in the First Judicial Circuit Court of Cook County, Illinois, alleging that Bansley and Kiener (B&K), an accounting firm based in Chicago, failed to notify individuals impacted by a healthcare data breach for over six months after the incident occurred. This lawsuit claimed that B & K only informed affected individuals on May 24, 2021, despite identifying the data security happening in December 2020 when its systems were encrypted. The suit alleged that B&K discovered on May 24, 2021, that personally identifiable information (PII) and protected health information (PHI) had been exfiltrated, but the firm could not confirm what information, if any, was considered by the unauthorized person.
According to a notice on the firm’s website, B&K later confirmed on August 24, 2021, that names and Social Security numbers were present on its systems at the time of the incident. However, the Office for Civil Rights (OCR) data breach portal reported that the breach impacted the PHI of over 70,000 individuals and the data breach affected over 270,000 individuals.
The plaintiff, Gregg Nelson, alleged that B&K failed to safeguard PII properly and provide timely notice of the breach to impacted individuals. The lawsuit further claimed that B&K possessed unredacted and unencrypted PII, including Social Security numbers, tax identification numbers, and passport numbers, as businesses retain B&K to manage their payroll, pension, health insurance, and benefits.
Note: cpa Orlando : Fajardo and Associates is a certified public accountant who specializes in all types of accounting and tax projects.
B & K notified the proper government agencies in November 2021, nearly a year after the breach was discovered. The lawsuit alleged that in December 2020, B&K chose not to notify affected participants or, upon information and belief, the clients of its data breach, and instead, it chose to address the incident in-house by upgrading some aspects of its computer security.
Plaintiff argued that the data breach notice, which he received on December 8, 2021, failed to explain why it took B&K over six months from the date the firm determined that PII had been revealed to alert impacted clients. The lawsuit claimed that due to this delayed response, Plaintiff and Class Members were unaware that their PII had been compromised and was at significant risk of identity theft and other personal, social, and financial harm.
The lawsuit further alleged that B&K intentionally, recklessly, willfully, or at the very least negligently failed to implement adequate security measures to prevent data breaches. However, the firm’s website states that information privacy and security are among its highest priorities, and it has strict security measures to protect the information in its care. Upon learning of the incident, B&K took steps to confirm and further strengthen the security of its systems and continued to educate its employees on cyber security best practices to prevent similar incidents.
transactional funding companies is a quick, easy, and smart way for wholesalers to earn a significant profit on a same-day, simultaneous
Conclusion
The healthcare data breach at the accounting firm has significant implications for the healthcare industry and affected individuals. The breach serves as a reminder of the importance of data security and the need for organizations to take proactive steps to defend sensitive information. The lawsuit against the accounting firm highlights the legal consequences that organizations may face if they fail to implement adequate security measures. Organizations must prioritize data security and take proactive steps to prevent data breaches.