in Newswire Published on November 15, 2022

Medical Associates of the Lehigh Valley Responsible for 2022 Data Breach, Class Action Alleges

by Kelly Mehorter

View Comments

Kale v. Medical Associates of the Lehigh Valley, P.C.

Filed: November 11, 2022 § 5:22-cv-04520

Read Complaint

A class action claims that Medical Associates of the Lehigh Valley failed to adequately safeguard patients' personal and health information, resulting in a data breach.

Defendant(s)

Medical Associates of the Lehigh Valley, P.C.

Law(s)

State(s)

Pennsylvania

Categories

Privacy Data Breach

A proposed class action claims the failure of Medical Associates of the Lehigh Valley (MATLV) to adequately safeguard the health and personally identifiable information of approximately 75,628 patients is to blame for a data breach earlier this year.

The 31-page lawsuit alleges MATLV, which operates over 40 healthcare facilities throughout central Pennsylvania, “intentionally, willfully, recklessly, or negligently” failed to implement reasonable cybersecurity measures to protect patients’ sensitive information from malicious third parties. As a result, the case contends, cybercriminals accessed MATLV’s system sometime before July 3, 2022, and obtained consumers’ names; addresses; email addresses; birth dates; Social Security, driver’s license and state ID numbers; health insurance provider names; medical diagnoses; treatment information; medications; and lab results.

Want to stay in the loop on class actions that matter to you? Sign up for ClassAction.org’s free weekly newsletter here.

Per the complaint, the ransomware attack was detected in July yet MATLV, Pennsylvania’s largest primary care group, waited two months before disclosing the data breach to the 75,628 affected individuals, on September 9.

The filing says that MATLV has offered no aid to data breach victims, even though they now face a significant, lifelong risk of identity theft and must pay out-of-pocket expenses associated with the fraudulent use of their personal information. 

The plaintiff, a former MATLV patient, claims to have experienced since the incident increased spam and phishing attempts, including “messages attempting to lure her into providing additional financial information via phone, text, and email.”

The filing contends that MATLV’s alleged misconduct is a violation of its privacy policies, which promise patients that “[y]our information will be kept confidential except as is necessary to provide services or to ensure that all administrative matters related to your care are handled appropriately.” Further, MATLV’s online privacy notice lists instances in which it might disclose medical information without prior written authorization, “none of which are applicable here,” the complaint asserts.

More specifically, the case claims that MATLV failed to implement the following required and appropriate cybersecurity protocols:

“ … (i) encrypt or tokenize the sensitive PII [protected health information] and PHI [protected health information] of Plaintiff and the Class Members, (ii) delete such PII and PHI that it no longer had reason to maintain, (iii) eliminate the potential accessibility of the PII and PHI from the internet where such accessibility was not justified, and (iv) otherwise review and improve the security of its network system that contained such PII and PHI.”

The lawsuit looks to represent anyone whose personally identifiable information or protected health information was accessed and/or exfiltrated during the 2022 Medical Associates of the Lehigh Valley data breach.

Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s free weekly newsletter here.

Case Spotlight

Video Game Addiction Lawsuits

If your child suffers from video game addiction — including Fortnite addiction or Roblox addiction — you may be able to take legal action. Gamers 18 to 22 may also qualify.

Learn more:Video Game Addiction Lawsuit

Depo-Provera Lawsuits

Anyone who received Depo-Provera or Depo-Provera SubQ injections and has been diagnosed with meningioma, a type of brain tumor, may be able to take legal action.

Read more: Depo-Provera Lawsuit

How Do I Join a Class Action Lawsuit?

Did you know there's usually nothing you need to do to join, sign up for, or add your name to new class action lawsuits when they're initially filed?

Read more here: How Do I Join a Class Action Lawsuit?

ClassAction.org Newsletter

Stay Current

Sign Up For
Our Newsletter

New cases and investigations, settlement deadlines, and news straight to your inbox.

Open Document
Last Updated on November 15, 2022 — 4:21 PM

Kelly Mehorter

kelly@classaction.org

Kelly works primarily on ClassAction.org’s newswire, reporting on cases as they happen.

About ClassAction.org

ClassAction.org is a group of online professionals (designers, developers and writers) with years of experience in the legal industry.

Learn More

Before commenting, please review our comment policy.