A class action lawsuit was filed against the Syracuse medical billing company following a data breach that may have compromised the personal information of Central New York patients. A Washington, DC law firm specializing in class action lawsuits, Migliaccio & Rathod, filed the lawsuit against Practice Resources LLC (PRL) on Friday in the Onondaga County court.
The complaint pointed out the negligence and the lack of a cybersecurity structure to protect patient’s private information. It also called out the firm for taking “too long” to inform those affected by the data leak.
Practice Resources LLC lawsuit explained
According to the complaint, the personal data of the affected patients could lead to identity theft, unlawful access to email accounts, and credit card transactions.
Earlier this August, PRL reported a ransomware attack that exposed the data of 924,138 patients. The compromised data included the names, addresses, dates of treatment, health plan numbers, and medical record numbers of the impacted patients.
PRL’s CEO David Barletta stated that his business alerted patients as soon as practicable adding that the company took months to perform a forensic investigation and identify which patients needed to be contacted.
Moreover, the billing company claimed to have not discovered proof that the event led to the misuse of patient information and that the valid number of affected patients was significantly fewer.
The lawsuit plaintiff was identified as Steven N. Esce, a Fayetteville resident and a patient of Crouse Medical Practice and Laboratory Alliance of CNY.
CNY ransomware attack
Hackers gained access to Practice Resources’ computer network through a ransomware attack. In such attacks the cybercriminals seize control of or conceal data within a computer system and demand a ransom to unlock it.
According to Barletta, they received the attack from different nations targeting them, and it was a “nightmare” for the company and its employees. Due to the ongoing investigation into the incident, Barletta stated that he could not identify the nation from which the hackers originated.
The corporation has offered complimentary online cybersecurity protection to its concerned patients for a year. Moreover, the company anticipates receiving more legal complaints regarding the data leak.
In a class action lawsuit, a group of persons who have experienced comparable harm file a claim collectively and may share in any settlement. The case must be certified by the court to proceed.