Centrelake Medical Group, Inc. has been sued over a data breach during which patients’ confidential medical and personal information was allegedly exposed to potentially malevolent third parties. Information exposed in the breach may have included patient names, contact information, medical records and Social Security information.
According to the lawsuit, although the systems of the outpatient radiology group were hacked in January 2019, the breach wasn’t discovered until February. And, as the case tells it, patients weren’t informed until April. When Centrelake did put out a press release announcing the breach, the lawsuit says, it was unclear whether they had taken additional steps to secure their patients’ data following the incident.
The suit charges that Centrelake negligently failed to secure patients’ personal health information and failed to notify patients of the breach in a timely manner. The proposed class includes everyone whose information was allegedly exposed during the breach and seeks, among other damages, three years of credit monitoring paid for by Centrelake and individualized notices of the breach detailing the types of information allegedly exposed for those affected.