Class Action Filed Over 2022 Connexin Software, Raleigh Group Data Breach Affecting 2.2 Million Patients
Jowers v. Connexin Software, Inc. et al.
Filed: February 1, 2023 ◆§ 5:23-cv-00413
A class action claims Connexin Software and Raleigh Group failed to prevent a data breach that compromised the personal and health information of current and former pediatric patients.
A proposed class action claims Connexin Software and Raleigh Group failed to prevent an August 2022 data breach that compromised the personal and health information of more than 2.2 million current and former pediatric patients.
Want to stay in the loop on class actions that matter to you? Sign up for ClassAction.org’s free weekly newsletter here.
The 44-page lawsuit against Connexin, who provides medical records and management software to pediatric practices, and Raleigh Group P.C. alleges the entities could have prevented cybercriminals from infiltrating Connexin’s network on August 26 of last year had they implemented adequate cybersecurity measures. Instead, the defendants “intentionally, willfully, recklessly, or negligently” stored patients’ unencrypted personal information in an internet-accessible environment, the suit charges.
The case says that the plaintiff, a Tennessee resident who last received pediatric services from Raleigh when she was a child, is one of the millions of individuals impacted by the breach. Per the suit, the unauthorized actor responsible for the hack now has access to patients’ and parents’/guardians’ names, home and email addresses, dates of birth, Social Security numbers, health insurance information, medical and/or treatment details and billing and/or claims information.
Connexin began notifying victims roughly three months after the company claims to have discovered the incident on August 26, 2022, the complaint relays. The suit claims the December 6 letter purposefully omitted “the details of the root cause of the Data Breach, the vulnerabilities exploited, and the remedial measures undertaken to ensure a breach does not occur again.”
As the case tells it, although some individuals affected by the data breach have not obtained services from their pediatricians in over 10 years, Connexin nevertheless maintained their personal and health information on its servers. Due to the defendants’ negligence, current and former patients now face a significant, lifelong risk of identity theft as their sensitive data may end up for sale on the dark web, the filing contends.
The case argues that Connexin and Raleigh, prior to the cyberattack, “knew or should have known” from “readily available and accessible” warnings that cybercriminals regularly target entities who store personal data on their computer systems.
The lawsuit looks to cover anyone whose personally identifiable information and protected health information were compromised in the data breach announced by Connexin on or around December 6, 2022.
Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s free weekly newsletter here.
Video Game Addiction Lawsuits
If your child suffers from video game addiction — including Fortnite addiction or Roblox addiction — you may be able to take legal action. Gamers 18 to 22 may also qualify.
Learn more:Video Game Addiction Lawsuit
Depo-Provera Lawsuits
Anyone who received Depo-Provera or Depo-Provera SubQ injections and has been diagnosed with meningioma, a type of brain tumor, may be able to take legal action.
Read more: Depo-Provera Lawsuit
How Do I Join a Class Action Lawsuit?
Did you know there's usually nothing you need to do to join, sign up for, or add your name to new class action lawsuits when they're initially filed?
Read more here: How Do I Join a Class Action Lawsuit?
Stay Current
Sign Up For
Our Newsletter
New cases and investigations, settlement deadlines, and news straight to your inbox.
Before commenting, please review our comment policy.