US Radiology Specialists, Inc. faces a proposed class action over a December 2021 data breach during which patients’ sensitive personal and medical information was reportedly compromised.
The 59-page case claims US Radiology and its subsidiaries, including Gateway Diagnostic Imaging, Radiology Ltd., Charlotte Radiology, Touchstone Medical Imaging, and Diversified Radiology of Colorado, have failed to properly safeguard patients’ information and provide timely notice of the data breach after discovering it on December 24, 2021.
According to the suit, an unauthorized party had access to US Radiology’s system from December 17 to 24 last year and may have exfiltrated patients’ data. The information compromised in the breach allegedly included patients’ names; dates of birth; Social Security, driver’s license, medical record and patient account numbers; physician names; dates of service; diagnoses; and health insurance and treatment information.
The lawsuit alleges US Radiology was well aware of the threat of a data breach yet failed to take the necessary steps to secure patients’ information.
“Had Defendant remedied the deficiencies in its security systems, followed industry guidelines, and adopted security measures recommended by experts in the field, Defendant would have prevented the ransomware attack into its systems and, ultimately, the theft of its patients’ Private Information.”
The case goes on to claim that US Radiology failed to timely and adequately notify data breach victims. Per the suit, victims received notice through US Radiology’s subsidiaries in September of this year, almost nine months after the incident was discovered. Moreover, the letters allegedly contained no explanation for the delay, which the case says has caused patients to experience harm “they otherwise could have avoided had a timely disclosure been made.”
According to the lawsuit, the data breach letters were “not just untimely but woefully deficient” given that they failed to include certain details, such as how an unauthorized party was able to access the defendant’s network, whether the information was encrypted, how US Radiology learned of the breach, whether it was system-wide, whether the servers storing the information were accessed, and how many people were affected. The case further claims that the letters sent to victims failed to disclose the relationship between US Radiology and the subsidiary who sent each letter.
Per the suit, US Radiology has not offered “any remedial services at all” to data breach victims and has provided instead only one year of credit monitoring to “a select few” who were affected by the incident. According to the suit, this offer is “woefully inadequate,” especially since identity theft and fraud can occur years after a person’s personal information is compromised.
The lawsuit looks to cover United States residents whose private information was compromised as a result of the US Radiology data breach discovered in December 2021 and who were sent notice of the incident.
Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s free weekly newsletter here.
Hair Relaxer Lawsuits
Women who developed cancer, endometriosis or reproductive problems after using hair relaxers such as Dark & Lovely and Motions may now have an opportunity to take legal action.