• Home
  • cyber
  • The Cigna Group Inc.: Cigna sued after data breach exposes health and claims information of patients
cyber Breach

The Cigna Group Inc.: Cigna sued after data breach exposes health and claims information of patients

Oct 1, 2024 2 min read
The Cigna Group Inc.: Cigna sued after data breach exposes health and claims information of patients

Cigna Faces Class Action Lawsuit Over Data Breach Exposing Patient Information

A new class action lawsuit filed against The Cigna Group Inc. alleges the company failed to adequately secure sensitive patient data, leading to a breach that exposed personally identifiable information (PII) and protected health information (PHI). The complaint, brought by plaintiff Karina Lopez, was filed on December 17, 2024, in the U.S. District Court for the District of Connecticut (Case No. 2:25-cv-02113).

Lopez claims the breach occurred between October 2024 and January 2025, when an unauthorized actor accessed the network of one of Cigna’s vendors. The compromised data allegedly includes names, healthcare IDs, dates of service, treatment costs, and claims numbers. Cigna reportedly discovered the breach in November 2025 but is accused of delaying notifications to affected individuals.

The lawsuit further alleges that Cigna’s negligence in implementing reasonable security measures allowed the exposed data to surface on the dark web, increasing the risk of identity theft for affected patients. Lopez seeks damages for identity theft risks, financial harm, lost time, and privacy violations, among other claims, on behalf of all U.S. individuals impacted by the breach.

The complaint includes counts of negligence, breach of implied contract, unjust enrichment, and requests for injunctive relief, with Lopez demanding class certification, monetary damages, legal fees, and a jury trial. Legal representation is provided by Siri & Glimstad LLP, Milberg PLLC, and Kopelowitz Ostrow P.A.

Separately, Cigna previously agreed to a $1.07 million settlement in a separate class action over allegations of misclassifying out-of-network providers as in-network. The current lawsuit remains ongoing.

Source: https://topclassactions.com/lawsuit-settlements/lawsuit-news/cigna-sued-after-data-breach-exposes-health-and-claims-information-of-patients/

The Cigna Group cybersecurity rating report: https://www.rankiteo.com/company/the-cigna-group

"id": "THE1768961826",
"linkid": "the-cigna-group",
"type": "Breach",
"date": "10/2024",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': 'All U.S. individuals impacted '
                                              'by the breach',
                        'industry': 'Health Insurance',
                        'location': 'United States',
                        'name': 'The Cigna Group Inc.',
                        'type': 'Healthcare'}],
 'attack_vector': 'Third-party vendor compromise',
 'data_breach': {'data_exfiltration': 'Yes',
                 'personally_identifiable_information': ['Names',
                                                         'Healthcare IDs',
                                                         'Dates of service',
                                                         'Treatment costs',
                                                         'Claims numbers'],
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Personally identifiable '
                                              'information (PII)',
                                              'Protected health information '
                                              '(PHI)']},
 'date_detected': '2024-11',
 'date_publicly_disclosed': '2024-12-17',
 'description': 'A class action lawsuit filed against The Cigna Group Inc. '
                'alleges the company failed to adequately secure sensitive '
                'patient data, leading to a breach that exposed personally '
                'identifiable information (PII) and protected health '
                'information (PHI). The breach occurred between October 2024 '
                "and January 2025, with unauthorized access to a vendor's "
                'network. Compromised data includes names, healthcare IDs, '
                'dates of service, treatment costs, and claims numbers. The '
                'lawsuit claims Cigna delayed notifications and exposed data '
                'on the dark web, increasing identity theft risks.',
 'impact': {'brand_reputation_impact': 'Yes',
            'data_compromised': 'Personally identifiable information (PII) and '
                                'protected health information (PHI)',
            'identity_theft_risk': 'Yes',
            'legal_liabilities': 'Class action lawsuit, potential fines',
            'systems_affected': 'Vendor network'},
 'initial_access_broker': {'data_sold_on_dark_web': 'Yes',
                           'entry_point': 'Third-party vendor network'},
 'investigation_status': 'Ongoing',
 'motivation': 'Data exfiltration',
 'post_incident_analysis': {'root_causes': 'Negligence in implementing '
                                           'reasonable security measures'},
 'references': [{'source': 'Class action complaint'}],
 'regulatory_compliance': {'legal_actions': 'Class action lawsuit (Case No. '
                                            '2:25-cv-02113)',
                           'regulations_violated': ['HIPAA']},
 'response': {'communication_strategy': 'Delayed notifications'},
 'threat_actor': 'Unauthorized actor',
 'title': 'Cigna Faces Class Action Lawsuit Over Data Breach Exposing Patient '
          'Information',
 'type': 'Data Breach'}
Published by
Jeremy C
Jeremy C
You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.