Class Action Filed Over 2022 Connexin Software, Raleigh Group Data Breach Affecting 2.2 Million Patients

New to ClassAction.org? Read our Newswire Disclaimer

A proposed class action claims Connexin Software and Raleigh Group failed to prevent an August 2022 data breach that compromised the personal and health information of more than 2.2 million current and former pediatric patients.

Want to stay in the loop on class actions that matter to you? Sign up for ClassAction.org’s free weekly newsletter here.

The 44-page lawsuit against Connexin, who provides medical records and management software to pediatric practices, and Raleigh Group P.C. alleges the entities could have prevented cybercriminals from infiltrating Connexin’s network on August 26 of last year had they implemented adequate cybersecurity measures. Instead, the defendants “intentionally, willfully, recklessly, or negligently” stored patients’ unencrypted personal information in an internet-accessible environment, the suit charges.

The case says that the plaintiff, a Tennessee resident who last received pediatric services from Raleigh when she was a child, is one of the millions of individuals impacted by the breach. Per the suit, the unauthorized actor responsible for the hack now has access to patients’ and parents’/guardians’ names, home and email addresses, dates of birth, Social Security numbers, health insurance information, medical and/or treatment details and billing and/or claims information.

Connexin began notifying victims roughly three months after the company claims to have discovered the incident on August 26, 2022, the complaint relays. The suit claims the December 6 letter purposefully omitted “the details of the root cause of the Data Breach, the vulnerabilities exploited, and the remedial measures undertaken to ensure a breach does not occur again.”

As the case tells it, although some individuals affected by the data breach have not obtained services from their pediatricians in over 10 years, Connexin nevertheless maintained their personal and health information on its servers. Due to the defendants’ negligence, current and former patients now face a significant, lifelong risk of identity theft as their sensitive data may end up for sale on the dark web, the filing contends.

The case argues that Connexin and Raleigh, prior to the cyberattack, “knew or should have known” from “readily available and accessible” warnings that cybercriminals regularly target entities who store personal data on their computer systems.

The lawsuit looks to cover anyone whose personally identifiable information and protected health information were compromised in the data breach announced by Connexin on or around December 6, 2022.

Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s free weekly newsletter here.