Medical Associates of the Lehigh Valley Responsible for 2022 Data Breach, Class Action Alleges
Kale v. Medical Associates of the Lehigh Valley, P.C.
Filed: November 11, 2022 ◆§ 5:22-cv-04520
A class action claims that Medical Associates of the Lehigh Valley failed to adequately safeguard patients' personal and health information, resulting in a data breach.
A proposed class action claims the failure of Medical Associates of the Lehigh Valley (MATLV) to adequately safeguard the health and personally identifiable information of approximately 75,628 patients is to blame for a data breach earlier this year.
The 31-page lawsuit alleges MATLV, which operates over 40 healthcare facilities throughout central Pennsylvania, “intentionally, willfully, recklessly, or negligently” failed to implement reasonable cybersecurity measures to protect patients’ sensitive information from malicious third parties. As a result, the case contends, cybercriminals accessed MATLV’s system sometime before July 3, 2022, and obtained consumers’ names; addresses; email addresses; birth dates; Social Security, driver’s license and state ID numbers; health insurance provider names; medical diagnoses; treatment information; medications; and lab results.
Want to stay in the loop on class actions that matter to you? Sign up for ClassAction.org’s free weekly newsletter here.
Per the complaint, the ransomware attack was detected in July yet MATLV, Pennsylvania’s largest primary care group, waited two months before disclosing the data breach to the 75,628 affected individuals, on September 9.
The filing says that MATLV has offered no aid to data breach victims, even though they now face a significant, lifelong risk of identity theft and must pay out-of-pocket expenses associated with the fraudulent use of their personal information.
The plaintiff, a former MATLV patient, claims to have experienced since the incident increased spam and phishing attempts, including “messages attempting to lure her into providing additional financial information via phone, text, and email.”
The filing contends that MATLV’s alleged misconduct is a violation of its privacy policies, which promise patients that “[y]our information will be kept confidential except as is necessary to provide services or to ensure that all administrative matters related to your care are handled appropriately.” Further, MATLV’s online privacy notice lists instances in which it might disclose medical information without prior written authorization, “none of which are applicable here,” the complaint asserts.
More specifically, the case claims that MATLV failed to implement the following required and appropriate cybersecurity protocols:
“ … (i) encrypt or tokenize the sensitive PII [protected health information] and PHI [protected health information] of Plaintiff and the Class Members, (ii) delete such PII and PHI that it no longer had reason to maintain, (iii) eliminate the potential accessibility of the PII and PHI from the internet where such accessibility was not justified, and (iv) otherwise review and improve the security of its network system that contained such PII and PHI.”
The lawsuit looks to represent anyone whose personally identifiable information or protected health information was accessed and/or exfiltrated during the 2022 Medical Associates of the Lehigh Valley data breach.
Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s free weekly newsletter here.
Hair Relaxer Lawsuits
Women who developed ovarian or uterine cancer after using hair relaxers such as Dark & Lovely and Motions may now have an opportunity to take legal action.
Read more here: Hair Relaxer Cancer Lawsuits
How Do I Join a Class Action Lawsuit?
Did you know there's usually nothing you need to do to join, sign up for, or add your name to new class action lawsuits when they're initially filed?
Read more here: How Do I Join a Class Action Lawsuit?
Stay Current
Sign Up For
Our Newsletter
New cases and investigations, settlement deadlines, and news straight to your inbox.
Before commenting, please review our comment policy.