Shields Health Care Group is confronted with a class-action lawsuit because of the 2 million-record data breach it recently reported. This is the largest healthcare data breach ever documented for 2022.
Shields Health Care Group is the biggest company providing MRI imaging services in New England. There are more than 40 establishments managed by Shields Health Care Group in the area. On May 27, 2022, the medical imaging company located in Massachusetts sent the data breach report to the HHS’ Office for Civil Rights and affirmed that an unauthorized person acquired access to a part of its IT networks from March 7 to March 21, 2022. Throughout that period, files were copied from its databases that contained patient data like names, addresses, dates of birth, Social Security numbers, diagnoses, billing details, healthcare or treatment data and insurance numbers.
A data breach of this enormity typically gets a few legal cases. Keller Postman LLC and co-counsel Finkelstein Blankinship Frei-Pearson & Garber Llc And Sweeney Merrigan Law Llp are commonly the very first to file suit. The legal case, William Biscan v. Shields Health Care Group Inc.- was submitted to the District Court for the District of Massachusetts and states the defendant negligently managed the private health data of the plaintiff and other equally situated persons.
The lawsuit claims the accused must have been mindful of the possibility of a data breach yet didn’t employ reasonable and proper safety measures to keep patient records confidential and secure against unauthorized access and disclosure. As a result, the personal information and protected health information (PHI) of patients had been in a threatening and vulnerable situation. Shield Health Care Group was unable to inform the impacted people promptly.
Due to those failures, the plaintiff states he and other class members currently deal with the increased and impending risk of fraud and identity theft and will still get out-of-pocket charges for buying credit monitoring services, credit freezes, credit reports, and other safety measures to avoid and recognize identity theft and fraud.
Aside from the negligence claim, the legal action claims a breach of express contract, violations of Massachusetts General Laws, breach of implied contract, breach of privacy by intrusion, and breach of fiduciary duty.
The lawsuit wants monetary relief, class certification, actual and punitive damages, litigation costs, sufficient credit monitoring and identity theft protection services, and an injunction demanding the defendant to boost security to avert the same breaches down the road and undertake yearly security audits.