Mississippi Gulf Coast-based Bienville Orthopaedic Specialists, LLC (BOS) is facing a potential class action lawsuit after a cyberattack on its computer systems earlier this year.
Seven class action lawsuits were filed last month against BOS in the United States District Court for the Southern District of Mississippi. The lawsuits were initiated by current and former patients of BOS and could involve approximately 242,986 class members if granted class-action status.
In a September 2023 notice regarding the data privacy event, BOS stated the following: “On March 5, 2023, BOS became aware of a cyberattack on our computer systems. We promptly took steps to secure our systems and began an investigation into the nature and scope of the incident. The investigation determined that in connection with the incident there was unauthorized access to certain systems in our environment between February 3, 2023, and March 5, 2023, and as a result, certain data stored on our systems was subject to unauthorized acquisition on March 4, 2023. We then undertook a comprehensive review of the affected data to identify what information was within the files at issue. On July 31, 2023, we determined that information in the files at issue contained protected health information and that some of that information related to current and former patients.”
According to Bienville Orthopaedic Specialists, compromised data from the files included: names, Social Security numbers, medical information, health insurance information, usernames and passwords, financial account information, and driver’s license numbers.
A number of the plaintiffs are alleging that the data breach was a “direct result of Defendant’s [BOS] failure to implement adequate and reasonable cyber-security procedures and protocols necessary to protect its clients’ patients’ Private Information from a foreseeable and preventable cyber-attack.” Complaints include allegations of negligence, breach of implied contract, breach of fiduciary duty, invasion of privacy, and unjust enrichment.
BOS provides orthopedic care at five locations on the Mississippi Gulf Coast. In a recent pleading, BOS asserts that it “was a victim of a cyber-attack.”
Past data breaches and cyberattacks have cost hospitals, clinics, and health insurance companies. For OTW’s previous coverage of cyberattacks, see “The Price of a Data Breach,” “Banner Health Agrees to Pay $6 Million for Data Breach,” “Victims Can Sue Ortho Clinics if Data Hacked,” and “Anthem Pays a Record $16 Million to Settle Data Breach.”
