A recent class action lawsuit has been filed against a prominent healthcare provider for allegedly failing to protect sensitive patient information, raising concerns about data security in the healthcare industry. On November 13, 2025, Lindsey Williams-Diggins and Christian Williams filed a complaint in the United States District Court for the Northern District of Ohio against Harbor Behavioral Healthcare, Inc., accusing the organization of negligence in safeguarding personal and health information.
The plaintiffs allege that Harbor Behavioral Healthcare failed to secure and protect their private information, including names, addresses, Social Security numbers, and medical records. The lawsuit claims that between July 25 and August 1, 2025, an unauthorized actor accessed Harbor’s network and stole sensitive data. Despite discovering the breach in August, Harbor reportedly delayed notifying affected individuals until September. The plaintiffs argue that this delay exacerbated the risk of identity theft and fraud for those impacted by the breach.
According to the complaint, Harbor’s failure to implement adequate security measures violated several laws, including negligence per se under Section 5 of the Federal Trade Commission Act and HIPAA regulations. The plaintiffs assert that Harbor had a duty to protect patient information but instead stored it in an unencrypted environment accessible via the internet. This alleged negligence has left current and former patients vulnerable to identity theft and financial fraud.
The plaintiffs are seeking damages for themselves and other affected individuals as well as injunctive relief. They demand that Harbor adopt sufficient practices to safeguard private information in its custody to prevent future breaches. Additionally, they request that Harbor provide lifetime identity theft protection services for all class members.
Representing the plaintiffs are attorneys from various law firms specializing in data breach litigation. The case is presided over by judges from the Northern District of Ohio with Case ID: 3:25-cv-02474.
Source: 325cv02474_Williams_Diggins_v_Harbor_Behavioral_Healthcare_Complaint_Northern_District_Ohio.pdf
