Class Action Alleges Northeast Orthopedics Left Patient Info Vulnerable to Data Breach

New to ClassAction.org? Read our Newswire Disclaimer

A proposed class action lawsuit alleges Northeast Orthopedics and Sports Medicine, PLLC failed to protect the personal data of approximately 177,000 individuals during a cyberattack detected in November 2023.

Did you receive a data breach letter from Northeast Orthopedics? Let us know here.

The 64-page data breach lawsuit says that the orthopedic practice, which provides healthcare services in New York and parts of New Jersey, discovered unusual activity on its computer network on November 22 of last year. According to the suit, an investigation determined an unauthorized third party may have gained access to certain files stored within the system.

Per the case, the data breach exposed the personal information of current and former Northeast Orthopedics patients, including their names, Social Security numbers, driver’s license details, payment information and dates of birth. In addition, the incident may have compromised information about patients’ medical records, health insurance, treatments and diagnoses, the complaint relays.

Want to stay in the loop on class actions that matter to you? Sign up for ClassAction.org’s free weekly newsletter here.

The data breach stemmed from the healthcare provider’s failure to use cybersecurity protocols appropriate to the nature of the highly sensitive patient information in its care, the filing contends. As the lawsuit tells it, the data was stored unencrypted and unredacted in the company’s computer network, making it particularly vulnerable to unauthorized disclosure.

The plaintiff, a former patient, says she received notice from Northeast Orthopedics in early March 2024 informing her that her private data had been compromised in the breach. Like other victims, the woman now faces an ongoing risk of identity theft and fraud as a result of the incident, the complaint claims.

Moreover, Northeast Orthopedics’ notice letter omitted crucial information about the incident, such as the precise dates the data breach occurred, how cybercriminals gained access to its system and what steps are being taken to improve cybersecurity in the future, the suit charges. Without these essential details, victims’ ability to mitigate the consequences of the incident is “severely diminished,” the case argues.

The lawsuit looks to represent anyone whose private information was maintained on the computer systems that were compromised in the Northeast Orthopedics data breach announced in March 2024.

Did you receive a data breach letter from Northeast Orthopedics? Let us know here.