Connexin Software, Inc., which does business as Office Practicum, provides information technology services for pediatric healthcare practices. It therefore maintains large amounts of personally identifiable information (PII) and protected health information (PHI) in its systems. Unfortunately, the complaint for this class action alleges that Connexin “maintained the private information in a reckless manner” which culminated in a data breach.
The class for this action is all persons who received notice that their private information was exposed in the data breach discovered by Connexin in or around August 2022.
A Notice of Security Incident at Connexin’s website, the complaint alleges, said that the company “detected a data anomaly on our internal network” and launched an investigation to determine what had happened. The complaint quotes the Notice as saying that “an authorized party was able to access an offline set of patient data used for data conversion and troubleshooting. Some of that data was removed by the unauthorized party[.]”
The complaint says flatly, “This wording attempts to play down the severity of the incident. However, upon information and belief over 2 million people have been affected by this data breach, including many minors.”
The stolen information may have included names, dates of birth, Social Security numbers, medical or treatment information, and health insurance information.
The theft of minors’ information, the complaint alleges, can cause even more severe harm, because the identity theft and fraud may go on for a long time and not be discovered for years.
Companies that deal with health information are prime targets for hackers. The complaint alleges that “according to the cybersecurity firm Minecast, 90% of healthcare organizations experienced cyberattacks in the past year.” It claims that Connexin should have been aware of the possibility of a cyberattack and should have taken adequate steps to prevent it.
The complaint also faults Connexin with not properly monitoring its systems: “Had Connexin properly monitored its property, it would have discovered the intrusion sooner rather than allowing cybercriminals sufficient time and unimpeded access to permit the PII and PHI of over two million [people] to be stolen.”
The Federal Trade Commission (FTC) publishes guidelines on cybersecurity for businesses., which recommend such things as properly removing personal information they no longer need, encrypting the information in their systems, and understanding the vulnerabilities of their systems.
The complaint alleges that Connexin did not comply with these guidelines, with industry standards for information protection, or with the requirements of the Health Insurance Portability and Accountability Act (HIPAA).
Article Type: LawsuitTopic: Privacy
Most Recent Case Event
Connexin Children’s Health Information Data Breach Complaint
January 16, 2023
Connexin Software, Inc., which does business as Office Practicum, provides information technology services for pediatric healthcare practices. It therefore maintains large amounts of personally identifiable information (PII) and protected health information (PHI) in its systems. Unfortunately, the complaint for this class action alleges that Connexin “maintained the private information in a reckless manner” which culminated in a data breach.
Connexin Children’s Health Information Data Breach ComplaintCase Event History
Connexin Children’s Health Information Data Breach Complaint
January 16, 2023
Connexin Software, Inc., which does business as Office Practicum, provides information technology services for pediatric healthcare practices. It therefore maintains large amounts of personally identifiable information (PII) and protected health information (PHI) in its systems. Unfortunately, the complaint for this class action alleges that Connexin “maintained the private information in a reckless manner” which culminated in a data breach.
Connexin Children’s Health Information Data Breach Complaint