Phoenician Medical Center Hit with Class Action Over March 2023 Data Breach

New to ClassAction.org? Read our Newswire Disclaimer

A proposed class action lawsuit claims negligence on the part of Phoenician Medical Center (PMC) is to blame for a cyberattack purportedly detected in March 2023.

Want to stay in the loop on class actions that matter to you? Sign up for ClassAction.org’s free weekly newsletter here.

The 51-page lawsuit says that after the Phoenix-based healthcare corporation discovered an unauthorized breach of its computer servers on March 31, a subsequent investigation revealed on April 25 that the cyberattack had compromised the private health information of current and former patients treated between 2016 and 2023.

The suit relays that the personal data exposed in the breach included at least patients’ names, contact information, state ID details, demographic information, dates of birth, medical record numbers, diagnosis and treatment data, provider names, dates of service and prescription and health insurance details.

The case argues that the cyberattack was a direct result of PMC’s failure to implement adequate data security practices and properly monitor its computer systems.

“Had Phoenician Medical Center properly monitored its networks, it would have discovered the Breach sooner,” the complaint contends.

The filing also takes issue with PMC’s delay in notifying victims. Per the suit, federal and state laws require organizations to report breaches that involve protected health information within 60 days. Although the PMC breach was purportedly detected in late March, the defendant only began sending notices of the incident at the end of June, around three months later, the lawsuit states.

“As a result of this delayed response, [the plaintiff] and ‘Class Members’ … had no idea for 3 months that their private information had been compromised, and that [the plaintiff] and Class Members were, and continue to be, at significant risk of identity theft and various other forms of personal, social, and financial harm,” the suit charges. “The risk will remain for their respective lifetimes.”

Given the prevalence of cyberattacks in the healthcare industry in recent years, PMC should have been well aware of the threat and taken commensurate steps to safeguard the private data entrusted to it, the case contests.

Per the filing, PMC has offered those affected one year of credit monitoring services—a gesture that the case claims is insufficient in light of the lifelong risks of identity theft and medical fraud that victims now face as a result of the defendant’s negligence.

The lawsuit looks to represent anyone in the United States whose personal information was impacted as a result of the PMC data breach, including all who were sent a notice of the incident.

Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s free weekly newsletter here.