Wright & Filippis Failed to Prevent 2022 Data Breach that Impacted Over 877K Patients, Class Action Alleges [UPDATE]
Last Updated on October 17, 2023
Mejia v. Wright & Filippis, Inc.
Filed: December 1, 2022 ◆§ 2:22-cv-12914-SFC-JJCG
A class action claims the failure of Wright & Filippis to adequately safeguard the health information of approximately 877,584 patients is to blame for a 2022 data breach.
October 17, 2023 – Wright & Filippis Data Breach Lawsuit Settled for $2.9 Million
Wright & Filippis has agreed to pay $2.9 million to settle the proposed class action detailed on this page, which was consolidated with seven related lawsuits earlier this year.
Don’t miss out on settlement news like this. Sign up for ClassAction.org’s free weekly newsletter here.
The proposed settlement, if preliminarily approved by the court, would cover roughly 877,584 individuals whose private information was compromised in the January 2022 data breach experienced by Wright & Filippis, including anyone who was sent notice of the incident around November 18, 2022.
According to a brief submitted to the court on October 13, 2023, class members who file a valid claim must select one of three options for how they’d like to receive their share of the deal.
First, covered individuals who provide supporting documentation of their losses related to the breach can choose to submit a claim for up to $5,000. Second, class members can elect to receive at least three years of credit bureau monitoring services and $1 million in identity theft insurance. Third, those covered by the deal can submit a claim to receive a prorated cash payment.
The proposed settlement also requires Wright & Filippis to implement measures designed to improve its data security practices, the brief says.
Overall, the document states that the results achieved by the proposed settlement agreement are “outstanding” and “compare favorably with that achieved in other data breach cases, especially given the size of the [settlement class] here.”
Data breach victims covered by the proposed deal are expected to receive direct notice of the settlement via email or mail within 35 days of preliminary approval. ClassAction.org will update this page if and when the deal receives preliminary approval from the court and when an official settlement website goes live.
Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s free weekly newsletter here.
A proposed class action claims the failure of Wright & Filippis to adequately safeguard the protected health information (PHI) of approximately 877,584 patients is to blame for a 2022 data breach.
The 36-page case alleges the prosthetics, orthotics and accessibility solutions manufacturer failed to implement adequate cybersecurity measures to safeguard customers’ sensitive data, resulting in a data breach the company says occurred from January 26 to January 28 of this year. The filing argues that as a result of Wright & Filippis’s negligence, cybercriminals were able to obtain consumers’ highly sensitive information, such as their dates of birth; patient, Social Security and financial account numbers; and health insurance information.
Want to stay in the loop on class actions that matter to you? Sign up for ClassAction.org’s free weekly newsletter here.
Although Wright & Filippis detected the ransomware attack shortly after it occurred, and in May discovered that patients’ data had been compromised, the company nevertheless did not notify affected individuals until November 18, the complaint says.
Per the case, Wright & Filippis has violated the Health Insurance Portability and Accountability Act (HIPPA) by failing to comply with reasonable industry standards to protect patients’ confidential health information. As a result, the suit argues, data breach victims face an increased risk of identity theft as unauthorized actors seek to profit by disseminating their data.
The plaintiff, a former client of Wright & Filippis, claims that he is forced to spend extra time monitoring his credit reports, financial accounts and medical records for fraud or identity theft, especially since his Social Security number may have been exposed.
“Once PHI is exposed, there is virtually no way to ensure that the exposed information has been fully recovered or contained against future misuse,” the lawsuit says. “For this reason, Plaintiff and Class Members will need to maintain these heightened measures for years, and possibly their entire lives, as a result of Wright & Filippis’s conduct.”
The complaint charges that Wright & Filippis’s deficient data security practices are particularly negligent considering the substantial increase in data breaches in recent years. In fact, the case relays, Wright & Filippis received a 2014 notice from the FBI warning that it had “observed malicious actors targeting healthcare related systems, perhaps for the purpose of obtaining the Protected Healthcare Information (PHI) and/or Personally Identifiable Information (PII).”
The lawsuit looks to represent anyone in the United States whose protected health information was compromised in the data breach disclosed by Wright & Filippis around November 18, 2022.
Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s free weekly newsletter here.
Hair Relaxer Lawsuits
Women who developed ovarian or uterine cancer after using hair relaxers such as Dark & Lovely and Motions may now have an opportunity to take legal action.
Read more here: Hair Relaxer Cancer Lawsuits
Stay Current
Sign Up For
Our Newsletter
New cases and investigations, settlement deadlines, and news straight to your inbox.
Before commenting, please review our comment policy.