Healthcare Information Security


California Court Denies Motion to Dismiss Health Data Breach Suit

The California Superior Court has denied a motion to dismiss a class action lawsuit for a health data breach that exposed confidential medical records of 93 individuals with HIV.


By Fred Donovan

The California Superior Court has denied a motion to dismiss a class action lawsuit against A.J. Boggs & Company for a health data breach that exposed confidential medical records of 93 individuals with HIV, Lambda Legal, which is representing the plaintiffs, announced Oct. 4.

A.J. Boggs & Company administered the online enrollment system for the California AIDS Drug Assistance Program (ADAP), a federally funded program that provides financial assistance for medication to people living with AIDS who are not eligible for Medicaid.

“We are very pleased California’s Superior Court rejected A.J. Boggs & Company’s attempt to have this case dismissed. A.J. Boggs & Company must be held responsible for failing to secure the private and confidential HIV-related medical information of Californians with HIV who rely on the ADAP for life-saving medication,” said Jamie Gliksberg, the Lambda Legal attorney leading this case.

In 2016, the California Department of Public Health (CDPH) contracted with A.J. Boggs & Company to administer the ADAP enrollment program. Lambda Legal is accusing A.J. Boggs & Company of developing and launching an enrollment portal without adequate security testing.

In February 2017, CDPH discovered that an unknown third party accessed the portal and downloaded medical information of 93 people with AIDS. As a result, CDPH canceled the contract with A.J. Boggs & Company on March 1, 2017, and notified those affected by the breach in April 2017.

“When members of already vulnerable communities—transgender people, women, people of color, undocumented people, individuals with low incomes—already face challenges in accessing health care, undermining the trust they have in the ADAP is not just a breach of security, it creates a barrier to care,” commented Lambda Legal Counsel and HIV Project Director Scott Schoettes.

Lambda Legal filed a complaint on April 3, 2018, against A.J. Boggs & Company alleging that the company violated California’s medical privacy laws, including the California AIDS Public Health Records Confidentiality Act and the California Confidentiality of Medical Information Act.

“This class action is brought to vindicate the privacy rights of Plaintiff and all other persons living with HIV whose identities, personal data, and medical information were accessed by unauthorized individuals because Defendant A.J. Boggs failed to adequately protect and secure this highly sensitive information,” the complaint argued.

“Between August 2016 and November 2016, Plaintiff and the putative class members were participants in California’s AIDS Drug Assistance Program (“ADAP”). The program participants relied on A.J. Boggs, the company contracted to administer program enrollment, to aid them in procuring life-saving medications to keep HIV under control,” the complaint alleged.

“Instead of treating the private health information of its clients with the care it was due, A.J. Boggs left the database containing this information open to exploitation. As a result of A.J. Boggs’s negligent or willful conduct, ninety-three participants in California’s ADAP program had their private information accessed by individuals who subsequently could reveal participants’ HIV status to an unknown number of additional individuals,” it added.

Alan Doe, the lead plaintiff who uses a pseudonym for purposes of the lawsuit, stated that the HIV medications “are life-saving for me, and I could only afford them through the AIDS Drug Assistance Program.”

“That does not mean, however, that I deserved to have my confidential medical information exposed publicly. With whom, when and how I share my HIV status is my right and my decision, and A.J. Boggs & Company took both away from me. Lambda Legal is here to make sure a breach like this never happens again,” he added.

In addition to Gliksberg and Schoettes, Alan Doe and the other plaintiffs in the class-action lawsuit are being represented by Lambda Legal’s Anthony Pinggera and Cozen O’Connor’s Lawrence Gordon, Andrew M. Hutchison, and Nandini Kavuri.

