Eye Care Company Sued Following Data Breach

20/20 Eye Care Network, Inc. (20/20) and iCare Health Solutions, LLC are under suit from plaintiff and former patient Kristi Hoffman-Mock, who is suing on behalf of herself and all others similarly situated. The suit, filed Thursday in the Southern District of Florida, is a class action complaint demanding a jury trial.

20/20 was described in the complaint as an “entity that provides eye and hearing care services and administration.” After being a patient there, Hoffman-Mock said she received a notification in the form of a letter in May of 2021 informing her that the defendant’s systems had been “viewed, seen, or accessed by unauthorized third parties.” Not only did the hackers get into 20/20’s systems and obtain information, the notice said, but they also deleted files.

The personally identifiable information (PII) and personal health information (PHI) of the plaintiff and class members, which include several minors, has been obtained by the hackers, leading them to face a “substantial increased risk of identity theft,” the complaint said. Hoffman-Mock believes that the class extends to 3.2 million other individuals whose information was not secured by the defendant. Further effects of the breach include the need for affected individuals to pay private monitoring companies to protect themselves, their PHI, and their PII.

The complaint said the breach occurred on January 11 and was discovered by the defendants on February 18. However, the plaintiff was not informed of the breach until May 28.

Hoffman-Mock claims that this breach of security was prompted by the defendant’s failure to implement proper cyber-security measures to protect information of the impacted individuals. She argued that this constitutes a reckless disregard of herself and the accompanying class members. The plaintiff is ultimately accusing 20/20 of failing to have proper security, failing to disclose to patients their lack of security, failing to take steps to prevent breaches, and lastly failing to provide proper and timely notice of the breach.

The plaintiff is alleging claims for negligence, invasion of privacy, breach of implied contract, unjust enrichment, breach of fiduciary duty, breach of confidence and violation of Florida’s Deceptive and Unfair Trade Practices Act. She also said the defendants failed to comply with both HIPAA and industry standard practices, leading to her demands that 20/20 disclose the nature of the information compromised and adopt more protective measures for security. She is seeking class certification, a trial by jury, compensatory, statutory, nominal, and punitive damages, equitable relief, and costs.

The plaintiff is represented by Devine Goodman & Rasco LLP and Arnold Law Firm.