IntelliHartx Data Breach Lawsuits Added to Fortra Cyberattack MDL

New to ClassAction.org? Read our Newswire Disclaimer

A proposed class action lawsuit filed last summer alleges Ohio healthcare revenue cycle company IntelliHartx failed to protect sensitive consumer information during a 2023 data breach that impacted more than 489,000 people. 

Want to stay in the loop on class actions that matter to you? Sign up for ClassAction.org’s free weekly newsletter here. 

The 60-page data breach lawsuit and several related cases against IntelliHartx were added this week to the multidistrict litigation (MDL) formed to more efficiently handle roughly 50 lawsuits filed over the January 2023 data breach of the Fortra file-transfer software by Russian ransomware hackers.

According to the suit, the information compromised in the IntelliHartx data breach included full names, addresses, dates of birth, Social Security numbers, and medical and health insurance details, which are protected under Health Insurance Portability and Accountability Act (HIPAA) regulations. 

“The Data Breach was a direct result of [IntelliHartx’s] failure to implement adequate and reasonable cyber-security procedures and protocols necessary to protect its patients’ Private Information from a foreseeable and preventable cyber-attack,” the complaint alleges, claiming the company maintained the exfiltrated data in “a reckless manner.” 

In its notice to data breach victims, IntelliHartx relayed that it discovered on February 2, 2023 that its secure file transfer protocol provider, Fortra, experienced a “data privacy event,” the case relays. The company said it promptly launched an investigation to determine the nature and scope of the incident and concluded in May that IntelliHartx patients’ information had been accessed without authorization, the filing says. 

The case states, however, that the defendant failed to note in its data breach letter the root cause of the incident, the vulnerabilities exploited by those responsible, and the measures taken to ensure such an event does not happen again. 

According to the suit, the private information exposed in the IntelliHartx data breach was not encrypted. If it had been, the perpetrators “would have exfiltrated only unintelligible data,” the complaint asserts. 

The lawsuit goes on to contend that IntelliHartx’s offer of 24 months of identity theft monitoring services for data breach victims is “wholly inadequate” as consumers impacted by a cyberattack can face years of ongoing identity theft and medical and financial fraud. 

The case looks to cover all United States residents whose private information was compromised in the data breach announced by IntelliHartx in June 2023. 

Are you owed unclaimed settlement money? Check out our class action rebates page full of open class action settlements.