Shields Health Care Group is facing a class-action lawsuit over the 2 million-record data breach it recently announced. This is the largest healthcare data breach ever reported for this year.
Shields Health Care Group is the biggest provider of MRI imaging services in New England. There are over 40 facilities managed by Shields Health Care Group in the region. On May 27, 2022, the medical imaging service provider based in Massachusetts submitted the data breach report to the HHS’ Office for Civil Rights and confirmed that an unauthorized individual got access to selected IT systems between March 7 and March 21, 2022. During that time period, files were extracted from its systems that had patient data such as names, addresses, birth dates, Social Security numbers, diagnoses, billing details, medical or treatment information and insurance numbers.
A data breach of this size normally sees a number of lawsuits. Keller Postman LLC and co-counsel Sweeney Merrigan Law LLP, and Finkelstein, Blankinship, Frei-Pearson, & Garber LLC are usually the first to file suit. The lawsuit, William Biscan v. Shields Health Care Group Inc.- was filed in the District Court for the District of Massachusetts and claims the defendant negligently handled the private health records of the plaintiff and other likewise situated people.
The lawsuit states the accused should have been knowledgeable of the danger of a data breach yet did not use reasonable and suitable safeguards to keep patient information private and keep safe against unauthorized access and disclosure. Consequently, the personal data and protected health information (PHI) of patients had been in an unsafe and vulnerable condition. Shield Health Care Group did not alert the affected persons in a prompt manner.
Because of those failures, the plaintiff claims he and other class members now confront an intensified and imminent risk of fraud and identity theft and will continue to bear out-of-pocket fees for purchasing credit monitoring services, credit reports, credit freezes, and other security measures to stop and identify identity theft and fraud.
Besides the negligence claim, the lawsuit alleges a breach of confidence, breach of implied contract, violations of Massachusetts General Laws, invasion of privacy by intrusion, and unjust enrichment.
The lawsuit seeks monetary relief, actual and punitive damages, class certification, litigation charges, enough credit monitoring and identity theft protection services, and an injunction that require the defendant to enhance security to avoid similar breaches later on and go through annual security audits.