Anyone who received notice that their child’s (or their own) information was compromised in the Connexin Software data breach that occurred around August 2022.
What’s Going On?
Connexin, who provides software and services to pediatric physician practice groups, experienced a data breach during which the personal and medical information of patients and their parents may have been accessed by an unauthorized party. Now, attorneys are investigating whether a class action lawsuit can be filed on behalf of victims.
How Could a Lawsuit Help?
A lawsuit could help data breach victims recover money for damages, including time spent dealing with the effects of the data breach and the cost of identity protection services. It could also force Connexin Software to implement better data security practices.
Attorneys want to hear from anyone who received a letter stating that their or their child’s information was exposed during the Connexin Software data breach that occurred in August 2022.
Specifically, they’re investigating whether a class action lawsuit can be filed against Connexin, who provides software and services to pediatric physician practice groups, for failing to take adequate steps to protect patients’ personal and medical information.
As part of the investigation, the attorneys need to hear from people who were sent a letter about the data breach from Connexin or their pediatrician, a copy of which can be seen here.
What Could I Get from a Class Action Lawsuit?
Connexin Software has offered one year of free identity monitoring services to children whose Social Security numbers were compromised in the data breach, but the attorneys believe this offer isn’t enough to compensate victims. An article on HIPAAJournal.com notes that children’s health information can often be misused for a long time without detection, making it “especially valuable” to cybercriminals.
A class action lawsuit could compensate data breach victims for damages they’ve incurred as a result of the breach, including the following:
Lost time spent addressing and mitigating the effects of the data breach
The cost of ongoing credit monitoring and identity theft protection services
Loss of privacy
Damage to credit
A class action lawsuit could also force Connexin Software to implement more robust data security practices and procedures to protect patients’ information from future breaches.
I’ve Never Heard of Connexin. Why Do They Have My Child’s Information?
You may not have heard of Connexin Software before receiving a data breach letter because the company works directly with pediatricians. Many pediatric physician practice groups partner with Connexin Software (who does business as Office Practicum) for electronic medical records and practice management software, billing services, and business analytics tools. In the course of providing these services, Connexin may have access to much of the pediatricians’ data, including their patients’ personal and medical information.
The Connexin Software Data Breach
The company announced in late November that it had experienced a data breach affecting over 2.2 million patients. According to a notice on the Office Practicum website, Connexin Software detected “a data anomaly” on its network in late August and, after an investigation, determined by mid-September that an unauthorized party had gained access to “an offline set of patient data” that was used for data conversion and troubleshooting.
Connexin has stated that the following patient information may have been exposed in the breach:
demographic information (such as patient names, guarantor names, parent/guardian names, addresses, email addresses and dates of birth)
Social Security numbers
health insurance information
medical and treatment information (such as dates of service, location, services requested, procedures performed, diagnosis, prescription information, physician names and medical record numbers)
billing or claims information
Connexin said it would send letters to individuals whose information may have been impacted, and some pediatricians may be sending their own letters to patients as well.
Which Pediatric Practice Groups Were Impacted?
Below is a list of the 119 pediatric practices that were confirmed as being affected by the data breach: