RadNet Exposure of Employee Information in Data Breach Class Action

Radnet, Inc. provides imaging services for outpatients. It’s also an employer, and as such, it collects and stores the personal identifying information (PII) of its employees. The complaint for this class action claims that it does not take adequate measures to protect this information, as allegedly demonstrated by a 2020 data breach that is at the center of this case.

The Nationwide Class for this action is all persons living in the US who are or were employees of RadNet or any of its affiliates, parents, or subsidiaries, whose PII was compromised in the data breach that occurred around July 18, 2020. A California Subclass has also been defined for people in the above class who live in California.

Two of the three plaintiffs in this case were employed by other companies prior to working for Radnet: Noreen Pfeiffer worked at Medical Imaging of Baltimore; Susan Wright worked at Advanced Imagine Partners, Inc. RadNet acquired both these companies; it took over the PII of employees like Pfeiffer and Wright when it acquired the companies. The third plaintiff, Jose Contreras, worked for RadNet from the start.

The complaint describes RadNet as “a publicly-traded company with a market capitalization approaching one billion dollars” and “a major player in its industry.” In addition to its imaging services, the complaint says, “it also operates an IT division which delivers integrated, web-based, cloud solutions for medical imaging workflow.”

Despite this seeming knowledge about electronic information, it did not manage to protect its employees’ data from exposure. The data breach took place on July 18, 2020, when a cybercriminal copied employee files from a RadNet server onto an external server. Among the data exposed were employees’ names, Social Security numbers, driver’s license numbers, dates of birth, addresses, and passport numbers.

The employees only received notice of the breach around September 28, 2020. The notice said that their information may have been compromised.

The complaint shows an FBI Internet Crime complaint statistics chart of the rise of cybercrime between 2014 and 2018—a mere four years—with the figures increasing at a shocking rate. The complaint claims, “One out of four data breach notification recipients becomes a victim of identity fraud.”

The FBI’s Internet Crime Complaint Center (IC3) 2019 Internet Crime Report, “rapid reporting can help law enforcement stop fraudulent transactions before a victim loses the money for good.” However, the complaint points out, the victims of RadNet’s data breach did not promptly report the breach, waiting almost two months before it provided victims with notices.

The Federal Trade Commission (FTC) has issued guidelines for businesses on protecting personal information. The complaint alleges that RadNet did not follow these guidelines.

Article Type: Lawsuit
Topic: Privacy

Most Recent Case Event

RadNet Exposure of Employee Information in Data Breach Complaint

October 19, 2020

Radnet, Inc. provides imaging services for outpatients. It’s also an employer, and as such, it collects and stores the personal identifying information (PII) of its employees. The complaint for this class action claims that it does not take adequate measures to protect this information, as allegedly demonstrated by a 2020 data breach that is at the center of this case.

RadNet Exposure of Employee Information in Data Breach Complaint

Case Event History

RadNet Exposure of Employee Information in Data Breach Complaint

October 19, 2020

Radnet, Inc. provides imaging services for outpatients. It’s also an employer, and as such, it collects and stores the personal identifying information (PII) of its employees. The complaint for this class action claims that it does not take adequate measures to protect this information, as allegedly demonstrated by a 2020 data breach that is at the center of this case.

RadNet Exposure of Employee Information in Data Breach Complaint
Tags: Exposing Private Information, Exposure to cyber crime, Your Privacy