in Newswire Published on January 29, 2021

Mednax, Pediatrix Hit with Class Action Over June 2020 Data Breach Affecting Nearly 1.3M Patients [UPDATE]

by Erin Shaak

Last Updated on October 15, 2024

View Comments

Rumely et al. v. Mednax, Inc. et al.

Filed: January 27, 2021 § 3:21-cv-00152

Read Complaint

Mednax, Inc. and Pediatrix Medical Group face a proposed class action over a June 2020 data breach that reportedly affected nearly 1.3 million patients.

Defendant(s)

Mednax, Inc. Pediatrix Medical Group

Law(s)

California Unfair Competition Law California Confidentiality Of Medical Information Act

State(s)

California

Categories

Privacy Data Breach Class Action Settlement

Case Updates

October 15, 2024 – Mednax Settles Data Breach Litigation for $6 Million

A federal judge has granted final approval to a $6 million settlement that resolves the proposed class action detailed on this page, which was consolidated with several similar lawsuits filed over the Mednax data breach to form multidistrict litigation.

Read ClassAction.org’s write-up about the Mednax data breach settlement.

February 12, 2021 – Another Lawsuit Filed

Mednax has been hit with another proposed class action over the June 2020 data breach mentioned on this page.

The lawsuit, which was initially filed in Broward County, Florida Circuit Court before being removed to federal court, alleges the defendant maintained patients’ private information “in a reckless manner” that left it vulnerable to data thieves.

Per the case, those affected by the breach are at an increased risk of identity theft and fraud due to Mednax’s “negligent conduct.”

The suit looks to represent anyone Mednax identified as being among those impacted by the data breach, including individuals who received data breach notices. The case also proposes a subclass of North Carolina residents who meet the same criteria.

Mednax, Inc. and Pediatrix Medical Group face a proposed class action over a June 2020 data breach that reportedly affected nearly 1.3 million patients, many of them babies and young children.

According to the lawsuit, the “massive and preventable” breach and resulting harm suffered by those affected stemmed from the defendants’ failure to properly safeguard patients’ information, detect the breach, and timely notify those whose information was compromised. Per the suit, the incident has placed patients at risk of identity theft and fraud for years to come.

“Due to Defendants’ negligence and failures, cyber criminals obtained and now possess everything they need to commit personal and medical identity theft and wreak havoc on the financial and personal lives of nearly 1.3 million individuals, many of which are babies and young children, for decades to come,” the complaint scathes.

Founded in 1979, Sunrise, Florida-headquartered Mednax and Pediatrix, a Mednax company, are physician-led healthcare organizations that partner with hospitals and healthcare facilities to offer “clinical services spanning the continuum of care, as well as revenue cycle management, patient engagement and perioperative improvement consulting solutions,” the lawsuit, filed in California’s Southern District Court, explains.

Per the case, the defendants discovered in late June 2020 that unauthorized parties had gained access to certain of their Microsoft Office 365-hosted business email accounts through a phishing attack and uncovered the unencrypted private and medical information of 1,290,670 individuals, many of whom are babies and young children. The compromised information, according to the suit, included patients’ names, dates of birth, health insurance information, medical and/or treatment details, and billing and claims information.

After investigating the breach, the defendants learned that patients’ information had been exposed between June 17 and June 22, 2020 and again between July 2 and July 3, 2020 in a second breach, the case relays.

Despite being aware that over one million patients were affected by the breach, the defendants “did nothing” to warn them of the incident for six months—“an unreasonable amount of time under any objective standard,” according to the suit.

“Apparently, Defendants chose to complete their investigation and develop a list of talking points before giving Plaintiffs and Class members the information they needed to protect themselves against fraud and identity theft,” the lawsuit reads, noting that the plaintiffs were sent data breach notices from Mednax in December 2020.

The complaint alleges the defendants failed to spend sufficient resources monitoring incoming emails and training employees to identify and defend against security threats, and then offered those whose information was compromised “very little” assistance to mitigate the effects of the breach.

Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s newsletter here.

This browser does not support PDFs. Please download the PDF to view it: Download PDF.
Open Document
Last Updated on October 15, 2024 — 9:30 AM

Erin Shaak

erin@classaction.org

Erin works primarily on ClassAction.org’s newswire, reporting on cases as they happen.

About ClassAction.org

ClassAction.org is a group of online professionals (designers, developers and writers) with years of experience in the legal industry.

Learn More

Before commenting, please review our comment policy.