Radiology data services provider Elekta, Inc. faces a proposed class action over an April 2021 data breach that reportedly compromised the personal information of “hundreds of thousands” of its clients’ patients.
According to the case, Elekta, who offers a cloud-based data storage platform to healthcare providers, failed to take adequate steps to protect the sensitive data with which it was entrusted and “negligently and carelessly” allowed the information—including patients’ names, dates of birth, Social Security numbers, health insurance information, medical record numbers and clinical information—to be exposed in an April 2021 ransomware attack.
The lawsuit claims the breach, during which cybercriminals gained access to Elekta’s systems between April 2 and 20, 2021 and “removed and/or encrypted” the company’s files, was the direct result of Elekta’s failure to implement adequate cybersecurity policies and protocols.
“Had Defendant not failed to implement and maintain adequate security measures to protect the Sensitive Information of medical patients, the Plaintiff’s and Class Members’ Sensitive Information would not have been exposed to unauthorized access and stolen, and they would not have suffered any harm,” the complaint contests.
Per the suit, patients whose information was stolen face a heightened risk of identity theft and fraud as a result of the breach.
The plaintiff, an Oak Park, Illinois resident, says she is a former patient of Northwestern Memorial HealthCare, a client of Elekta’s who stored the plaintiff’s and other patients’ sensitive information on the defendant’s electronic database. Per the suit, Elekta’s failure to safeguard the information in its care allowed the personal data of roughly 201,196 Northwestern Memorial HealthCare patients to be accessed in the ransomware attack.
Despite being aware that data breaches occur “all too frequently” in its industry and promising that the protection of patients’ data is its “highest priority,” Elekta nevertheless failed to implement adequate security systems, monitor its systems for intrusions and ensure that anyone with access to its “immense volumes” of patient information followed reasonable security procedures, the complaint alleges.
The case looks to represent anyone whose sensitive information stored on Elekta’s databases or systems was exposed to unauthorized access as a result of the data breach that occurred around April 2.
Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s newsletter here.