Mednax has been hit with another proposed class action over the June 2020 data breach mentioned on this page.
The lawsuit, which was initially filed in Broward County, Florida Circuit Court before being removed to federal court, alleges the defendant maintained patients’ private information “in a reckless manner” that left it vulnerable to data thieves.
Per the case, those affected by the breach are at an increased risk of identity theft and fraud due to Mednax’s “negligent conduct.”
The suit looks to represent anyone Mednax identified as being among those impacted by the data breach, including individuals who received data breach notices. The case also proposes a subclass of North Carolina residents who meet the same criteria.
Mednax, Inc. and Pediatrix Medical Group face a proposed class action over a June 2020 data breach that reportedly affected nearly 1.3 million patients, many of them babies and young children.
According to the lawsuit, the “massive and preventable” breach and resulting harm suffered by those affected stemmed from the defendants’ failure to properly safeguard patients’ information, detect the breach, and timely notify those whose information was compromised. Per the suit, the incident has placed patients at risk of identity theft and fraud for years to come.
“Due to Defendants’ negligence and failures, cyber criminals obtained and now possess everything they need to commit personal and medical identity theft and wreak havoc on the financial and personal lives of nearly 1.3 million individuals, many of which are babies and young children, for decades to come,” the complaint scathes.
Founded in 1979, Sunrise, Florida-headquartered Mednax and Pediatrix, a Mednax company, are physician-led healthcare organizations that partner with hospitals and healthcare facilities to offer “clinical services spanning the continuum of care, as well as revenue cycle management, patient engagement and perioperative improvement consulting solutions,” the lawsuit, filed in California’s Southern District Court, explains.
Per the case, the defendants discovered in late June 2020 that unauthorized parties had gained access to certain of their Microsoft Office 365-hosted business email accounts through a phishing attack and uncovered the unencrypted private and medical information of 1,290,670 individuals, many of whom are babies and young children. The compromised information, according to the suit, included patients’ names, dates of birth, health insurance information, medical and/or treatment details, and billing and claims information.
After investigating the breach, the defendants learned that patients’ information had been exposed between June 17 and June 22, 2020 and again between July 2 and July 3, 2020 in a second breach, the case relays.
Despite being aware that over one million patients were affected by the breach, the defendants “did nothing” to warn them of the incident for six months—“an unreasonable amount of time under any objective standard,” according to the suit.
“Apparently, Defendants chose to complete their investigation and develop a list of talking points before giving Plaintiffs and Class members the information they needed to protect themselves against fraud and identity theft,” the lawsuit reads, noting that the plaintiffs were sent data breach notices from Mednax in December 2020.
The complaint alleges the defendants failed to spend sufficient resources monitoring incoming emails and training employees to identify and defend against security threats, and then offered those whose information was compromised “very little” assistance to mitigate the effects of the breach.
Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s newsletter here.