American Pain and Wellness at Fault for November 2022 Data Breach, Class Action Alleges

New to ClassAction.org? Read our Newswire Disclaimer

A proposed class action lawsuit claims negligence on the part of American Pain and Wellness resulted in a cyberattack that compromised the personal data of thousands of current and former patients.

Want to stay in the loop on class actions that matter to you? Sign up for ClassAction.org’s free weekly newsletter here.

The 32-page lawsuit says that although the back and spine pain management practice purportedly discovered on November 27, 2022 that its computer systems had been hacked, an investigation revealed that cybercriminals actually gained access to the systems 17 days earlier. The suit relays that the personal information of 7,457 current and former patients was compromised, including, without limitation, names, Social Security numbers, home addresses, dates of birth, physician and diagnosis details, medical history and health insurance information.

The case argues that the Texas-based practice failed to implement adequate cybersecurity measures and properly train its employees in cyber-safety, which left patients’ private data in a “vulnerable position” and made the computer networks “easy targets for cybercriminals.”

American Pain and Wellness had “no effective means to prevent, detect, stop, or mitigate breaches of its systems,” allowing the hackers “unrestricted access” to the sensitive information stored by the company, the complaint charges.

In addition, the defendant only began to send out notices to data breach victims in late March 2023, almost four months after the cyberattack was purportedly discovered, the filing states. By keeping victims “in the dark,” American Pain and Wellness prevented them from taking early steps to mitigate the harms caused by the exposure of their confidential information, the lawsuit contends.

Given that it collects and stores the data of thousands of current and former patients, the practice is legally obligated to protect that information from unauthorized disclosure, the suit explains. However, American Pain and Wellness has reportedly “done nothing” to make amends for its negligent conduct, the case claims.

“[American Pain and Wellness] has not offered its victims even simple credit monitoring services,” the complaint reads. “Rather, [the practice] blatantly disregards the injuries that it inflicted upon [victims of the breach].”

According to the filing, the plaintiff, a Texas resident and longtime patient, received notice on March 28 of this year that his private information had been compromised in the cyberattack. Like other victims, the man’s data is now “forever exposed” and, as a result, he faces a lifelong risk of identity theft, fraud and other illegal schemes, the case charges.

The lawsuit looks to represent anyone in the United States whose personal information was compromised in the data breach discovered by American Pain and Wellness, PLLC in November 2022.

Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s free weekly newsletter here.