Brookfield-based Orthopaedic Specialists of CT faces $5M class action lawsuit over data breach
Abraham Ribicoff Federal Courthouse
Brookfield-based Orthopaedic Specialists of Connecticut (OSC), which also has a location in Stamford, faces a $5 million class action lawsuit over a data breach that occurred in March.
The lawsuit was filed May 6 in U.S. District Court for the District of Connecticut by Danbury resident Marisa Mancini on behalf of more than 22,000 patients of the orthopedic practice, and claims damages in excess of $5 million.
According to an April 23 notice posted on Orthopaedic Specialists’ website, OSC notified “certain current and former patients” that their personal information may have been compromised as part of a “security incident.”
The notice states that, on March 2, OSC experienced “a network security incident that involved an unauthorized party gaining access to our network environment.”
Once the breach was detected, OSC said, it “immediately took steps to secure the network environment and engaged a specialized third-party forensic incident response firm to assist with securing the network environment and investigating the extent of unauthorized activity.”
That investigation determined that the “unauthorized third party” may have “acquired certain personal information as a result of this incident,” the notice states. That information may include names, dates of birth, Social Security numbers, health insurance ID numbers and medical information, OSC said.
“Notably, the types of information affected were different for each individual, and not every individual had all the above listed elements exposed,” it said.
The notice adds that OSC “has no reason to believe that any individual’s information has been misused as a result of this event,” and that OSC “has not received any reports of misuse of information and/or related identity theft since the date the incident was discovered.”
Despite that assertion, the notice states that OSC has arranged for “complimentary credit monitoring services and identity theft protection services” for the next 12 months for anyone affected by the breach.
The incident was reported to the U.S. Department of Health and Human Services Office for Civil Rights, which maintains a national database of breaches reported over the past two years. According to the listing, the OSC data breach potentially affected 22,541 people.
According to the 38-page lawsuit, the data breach “was a direct result of Defendant’s failure to implement reasonable safeguards” to protect patients’ personal information from “a foreseeable and preventable risk of unauthorized disclosure.”
The lawsuit cites five “causes of action” against OSC on behalf of Mancini and the potential class, including negligence, breach of implied contract, unjust enrichment, invasion of privacy, and violation of the deceptive trade practices act.
The lawsuit seeks class action status and requests a jury trial.
Mancini is represented by attorney Jeremy C. Virgil of the Bridgeport law firm Zeldes, Needle & Cooper PC, and Paul J. Doolittle of the Charleston, South Carolina-based law firm Poulin, Willey, Anastopoulo.
Officials with OSC did not immediately respond to a request for comment.
Most Recent
Most Recent
0 Comments