A company that helps enroll Californians in an AIDS Drug Assistance Program (ADAP) is being sued over a data breach involving 93 low-income HIV-positive people, according to a press release from Lambda Legal, which filed the class action lawsuit and advocates for the rights of the LGBT and HIV communities.

A.J. Boggs & Company was hired in 2016 by the California Department of Public Health (CDPH) to administer the state’s ADAP, a federal program that helps get HIV meds to individuals who are not eligible for Medicaid but have financial need.

“From day one, July 1, 2016, when A.J. Boggs’s ADAP enrollment system went online, there were problems, and it is not as if these problems were unexpected,” said Jamie Gliksberg, Lambda Legal staff attorney, in the press release.

“Several nonprofits that enroll community members in ADAP, as well as the Los Angeles County Department of Health, raised concerns before the system went online that there had been no testing or vetting of the new enrollment system.”

Indeed, in November 2016, the company’s enrollment portal was taken off-line after it was deemed vulnerable to a security breach. The following February, CDPH learned that “unknown individuals” had downloaded the private medical information of 93 people. In April 2017, CDPH notified the 93 people.

“It hit me like a ton of bricks, when I was notified that someone had obtained my private medical information,” said Alan Doe in the press release; he is using a pseudonym in the lawsuit.

“I need these medications to live, and I could only afford them through ADAP. That doesn’t mean, however, that I want everyone to know my HIV status. That’s for me to decide, and A.J. Boggs took that choice away from me.”

“Low-income Californians living with HIV who rely on the AIDS Drug Assistance Program for lifesaving medication trust that the program will keep their HIV status confidential: A.J. Boggs violated that trust,” added Scott Schoettes, counsel and HIV project director at Lambda Legal.

“When members of already vulnerable communities—transgender people, women, people of color, undocumented people—have to jump through hoops to access health care, undermining the community’s trust in ADAP is not just a breach of security but another barrier to care.”

According to Lambda Legal, about 30,000 people are enrolled in California’s ADAP.

In related news, CVS and Aetna have been sued for mailing out envelopes that revealed clients’ personal HIV information.