top of page
  • April M Strauss

Attorney Investigation: SuperCare Health Data Breach Notice

On March 28, 2022, SuperCare Health (“SuperCare”) submitted a Notice of data breach potentially affective patient personal information to the U.S. Department of Health and Human Services Office for Civil Rights (“OCR”). The breach is the fifth largest reported to the OCR this year to date. Over 318,000 individuals were affected.

According to SuperCare, from July 23 to July 27, 2021, an unknown party had access to certain systems on the SuperCare network. The company investigated, and determined on February 4, 2022 that some consumer information was potentially impacted. Almost 2 months later, on March 25, 2022, the company’s Data Breach Notice was reported on the California Attorney General’s Office Data Security Breach website page and reported to the OCR.

SuperCare is based in Downey, California. It provides post-acute, in-home respiratory care, including ventilation, oxygen, CPAP/BiPAP, and other services.

The personal information that may have been acquired includes:

Full Name

And one or more of the following:


​Date of Birth


​Medical Group

​Patient Account Number

​Medical Record Number

​Health Insurance Information


Treatment Information

​Other Health Related Information

​Claim Information

And, for a subset of individuals:

• Social Security number

• Driver’s license number

As of March 25, the company states that it has no reason to believe information was published, shared, or misused as a result of this incident.

SuperCare is offering one year of complimentary identity protection services through IDX. Note that, according to the Notice, the deadline to enroll is June 25, 2022.

The full text of the SuperCare Notice of Data Breach can be found here.

Special California Laws Protect You

If certain types of personal information, like Social Security numbers and names, are left unencrypted and are accessed, stolen, or hacked because a business didn’t fulfill its obligation to implement and maintain reasonable security, an affected California resident can sue to protect their rights under the California Consumer Privacy Act (CCPA) and California Customer Records Act. Medical information is additionally covered by the California Confidentiality of Medical Information Act (CMIA).

If you are a California resident and received a Recent Notice of Data Breach from SuperCare, you may be entitled to between $100 and $1,000 or your actual damages, whichever is greater.

Participants in data breach lawsuits can recover damages, injunctive relief (to make sure that the business has reasonable security practices to protect consumer data from being leaked again), and anything else the court concludes is necessary to compensate data breach victims and prevent these harms from reoccurring.

Relevant California Laws:

California Customer Records Act: requires businesses to put into place and maintain reasonable security procedures and practices to protect consumer’s personal information

California Consumer Privacy Act: contains many protections for personal information of California residents

California Confidentiality of Medical Information Act: requires that every health care provider and health care service plan who maintains medical information do so in a manner that preserves its confidentiality

To read more about the SuperCare Data Breach, click here.

You Have Important Legal Rights Under California’s CCPA

​Data Subject Access Rights

The right to see a copy of the personal data a business has collected about you, free of charge.

​Right to Know

The right to find out why a business has collected your personal information, what it has shared (by category), who it was collected from (by source type), and who it has shared your data with (by category). The right to find out if your data is being sold.

​Right of Data Deletion

The right to have your personal information deleted from any business that collected it directly from you.

​Non-Discrimination Right

The right not to be discriminated against by a business for exercising your CCPA rights.

​Right to Opt Out of Data Sale

The right to opt-out of the sale of your data without being discriminated against.

We Can Help You Exercise Your CCPA Rights

Every case is unique. Even when your data has been part of a breach, despite the provisions of the CCPA you may not be awarded compensation.

Experienced data breach and class action attorneys can help you exercise your rights, evaluate your options, and decide whether you are entitled to compensation under the CCPA. There are no out of pocket costs to you, as we only get paid if we prevail.

For more information on your legal options, please contact us using the form found here

Inquiries are Confidential • No Cost • No Obligation

Links on this website are not intended to be referrals to, or endorsements of, the linked entities or imply any relationship to the linked site or its operator.


Commenting has been turned off.
bottom of page