Intellihartx Facing Class Action Lawsuit Over 490K-Record Data Breach
A lawsuit has been filed against Intellihartx, LLC (aka ITx Companies) over a cyberattack by the Clop ransomware group that exploited a vulnerability in Fortra’s GoAnywhere Managed File Transfer (MFT) solution. The protected health information of 490,000 patients of its healthcare clients was compromised in the attack in late January. Intellihartx was one of 130 GoAnywhere users to be affected.
Intellihartx, a revenue cycle management company, said protected health information was compromised in the January 30, 2023 cyberattack, including names, contact information, insurance information, diagnoses, medications, dates of birth, and Social Security numbers. Affected individuals were notified about the data breach on June 9, 2023, more than 4 months after the discovery of the attack.
The lawsuit, Laren Perrone v. Intellihartx, LLC, was filed in the U.S. District Court of the Northern District of Ohio Western Division and alleges the defendant failed to properly secure and safeguard the protected health information of the plaintiff and class members, did not adequately supervise its business associates, vendors, and suppliers, and did not detect the data breach in a timely manner.
The lawsuit claims the defendant was aware of the vulnerability on January 29, 2023, and so could have prevented the data breach. It also claims the defendant could have prevented or limited the severity of the breach if it had limited the patient information it shared with its business associates and employed reasonable supervisory measures to ensure that adequate data security practices, procedures, and protocols were being implemented and maintained by its business associates.
The lawsuit claims the plaintiff and class members face an imminent, immediate, and continuing increased risk of suffering ascertainable losses from the data breach, including identity theft and other fraudulent misuses of their data, and have incurred and will continue to incur out-of-pocket expenses mitigating the effects of the data breach. The lawsuit does not allege that protected health information has already been misused or that identity theft or other fraud has been experienced.
The lawsuit claims the defendant failed to comply with the standards of the Health Insurance Portability and Accountability Act (HIPAA) and FTC guidelines, citing security failures such as a lack of adequate data security systems, practices, and protocols to protect against reasonably anticipated threats or hazards and a failure to mitigate the risks of a data breach.
While monetary relief is being sought to cure some of the plaintiff’s and class members’ injuries, injunctive relief is also sought to ensure the alleged information security issues are corrected to prevent further data breaches in the future. In addition to monetary relief, the lawsuit seeks an order from the court requiring the defendant to fully and accurately disclose the nature of the information that was compromised and to adopt sufficient security practices and safeguards to prevent similar incidents in the future.
The plaintiff and class members are represented by Christopher Wiest, Atty at Law PLLC, and Mason Barney and Tyler Bean of SIRI & GLIMSTAD LLP.