Durham, N.C.-based EmergeOrtho is facing a lawsuit related to a ransomware attack that may have exposed the data of more than 75,000 people, Triangle Business Journal reported Nov. 23.
Daniel Green, the lead plaintiff, is asking for compensation and additional oversight and annual audits to prevent future data breaches, according to a lawsuit designated to the North Carolina Business Court Nov. 21. The suit was filed Sept. 12.
The practice in August notified 75,200 patients that some of their protected health information may have been accessed by unauthorized individuals. On May 18, the practice detected and blocked a ransomware attack on some of its computer systems, EmergeOrtho said in a letter to patients. An investigation, which concluded Aug. 19, confirmed that hackers had accessed files containing patients' protected health information, including first and last names, addresses, financial account information, dates of birth and Social Security numbers, and, in some instances, medical and treatment information.
Mr. Green's lawsuit accuses EmergeOrtho of failing to maintain systems that hold private information and claims systems, including electronic medical records, were not fully operable during the investigation into the breach.
In state disclosures, EmergeOrtho said there was no evidence that information was misused, Triangle Business Journal reported. The practice told state officials that systems affected by the breach were rebuilt, and policies related to data storage and management were changed.
EmergeOrtho's attorney didn't respond to Triangle Business Journal's request for comment.