Avamere Health Services, LLC Announces Data Breach Affecting Qualified Nursing and Retirement Residence Employees | Console and Associates, PC

Recently, Avamere Health Services, LLC (“Avamere Living”) confirmed that the company had suffered a data breach affecting sensitive information belonging to certain employees. Although Avamere has yet to publicly confirm the type of data compromised in the recent breach, it has made free credit monitoring available to affected employees, meaning the information leaked was likely personal or personal in nature. financial. On June 17, 2022, Avamere Health Services began sending data breach notifications to those affected by the recent data security incident.

If you have received a data breach notification, it is essential that you understand what is at risk and what you can do about it. To learn more about how to protect yourself against fraud or identity theft and what your legal options are following the Avamere Living data breach, please see our recent article on the subject. here.

What we know about the Avamere Living data breach

According to an official notice filed by the company, Avamere recently learned that an unauthorized party gained “intermittent access” to the company’s servers between the dates of January 19, 2022 and March 17, 2022. After becoming aware of the incident, Avamere launched its own investigation, with the assistance of third-party cybersecurity experts. This investigation confirmed the unauthorized access and, on May 18, 2022, Avamere was able to identify the employees whose information was leaked.

Notably, Avamere has not made public what types of data were hacked. However, on June 17, 2022, Avamere Living sent data breach letters to everyone whose information was compromised, explaining the incident as well as the specific data that was compromised.

Avamere Health Services, LLC is a group of affiliated companies, all of which provide skilled nursing or senior living options to residents and patients. Avamere was originally founded as Avamere Rehabilitation of Hillsboro in Oregon in 1995 and has since grown to operate facilities in 20 states including Washington, Oregon, Nevada, Utah, Arizona, New Mexico, Nebraska and Colorado. Avamere Living employs more than 8,100 people and generates approximately $907 million in annual revenue.

Can employers be held liable for data breaches affecting their employers?

Yes, employers can be held liable through a data breach class action lawsuit as a result of a data breach affecting their employees. However, the fact that a data breach has occurred does not necessarily mean that a company will be held financially liable. Typically, to succeed in a data breach case against an employer, employees must prove both that the company was negligent and that they suffered harm as a result of the incident.

As is the case with most cases subject to the legal theory of negligence, proving a data breach claim requires employees to prove, 1.) that the company owed them a duty of care, 2.) that the company breached the duty to employees, and 3.) the company’s breach of that duty caused or contributed to the data breach.

Proving employer negligence in a data breach lawsuit is not always straightforward. While all employers have a duty to protect employees’ personal, financial, and health information, whether a company has breached this duty is often disputed. The same goes for the “causality” element of the claim, as employers regularly point out that data breaches are the result of criminal actions by third parties.

However, just because a criminal actor violated an employer’s systems does not mean that the employer is not responsible. Employers have a legal obligation to implement adequate data security systems to protect employee data. And whether an employer’s data security measures are sufficient can be questioned.

When it comes to establishing the “damages” element of a data breach lawsuit, the most common damages are identity theft and other fraud. However, it is important to note that courts have held that data breach victims do not need to be actual victims of identity theft or fraud to obtain damages; the increased risk of identity theft in the future is sufficient to obtain damages.

Victims of a data breach involving their employer should contact a dedicated data breach attorney for assistance.

Comments are closed.