AMARILLO, Texas (KAMR/KCIT) — Four civil lawsuits involving family practice centers, listed as FMC Services, LLC, have been consolidated in Potter County’s 320th Judicial District Court, according to documents recently filed with of Potter County District Court.
These lawsuits, according to their respective motions obtained by MyHighPlains.com, are in response to a cybersecurity attack in July against family medicine centers, where individuals claimed various personally identifiable information and protected health information was compromised by more of 230,000 community members.
According to a data incident notice, posted on the Family Practice Centers website, FMC officials said they “detected and resolved a network data security incident” on July 26. While officials said at the time that they had found “no evidence that any information (had) been specifically accessed for misuse,” they said it was possible that various information about the patients, including dates of birth, social security numbers, names, addresses, and protected health information were exposed.
After the incident, FMC officials said an investigation was conducted, helping to determine “the scope and extent of potential unauthorized access to our systems and any sensitive information.”
“To date, there have been no reports of impersonation or misuse of patient information,” reads the notice that was posted and is currently still on the website. FMC. “However, out of an abundance of caution, FMC sent notification letters to affected individuals on September 23, 2022. The letters included additional information about what happened and described specific personal information that may have been exposed for the individual. ”
In connection with this violation, four individuals filed lawsuits against FMC Services, LLC in Potter County District Court. The four different cases were initially listed as follows:
- Deneli Sharber, individually and on behalf of all others like him against FMC Services, LLC;
- Shanna Byers, individually and on behalf of all others in the same situation c. FMC Services, LLC d/b/a Family Medicine Centers;
- Lyle Schafer, individually and on behalf of all other like-minded persons against FMC Services, LLC;
- Jennifer Holman, individually and on behalf of all others in the same situation c. FMC Services, LLC d/b/a Family Medicine Centers.
On Nov. 16, the 320th Judicial District of the Potter County District Court ruled that the four cases would be consolidated into one, with the Sharber case serving as the lead case, according to court filings.
What do the original petitions say?
According to documents obtained by MyHighPlains.com from the Potter County District Court, the four lawsuits all relate to the same subject, a class-action lawsuit that claims Family Practice Centers failed to “properly secure and protect private and sensitive information (FMC) collected, maintained, stored, analyzed and used to provide its services.
According to the Sharber motion, the main case in the consolidated litigation, the plaintiffs’ objective in this case is “to obtain damages, restitution and injunctive relief” from FMC Services, LLC, seeking remedies , including “compensatory damages, reimbursement of disbursements and injunctions, including enhancements to (FMC’s) data security systems, future annual audits and adequate credit monitoring services.
Officials said in the Sharber petition that an FMC investigation in September found the private information of 233,948 people was accessed in this data breach, including health information, social security numbers, birth dates and addresses. This includes those who are or have been patients of FMC, those who have received health-related or other services from FMC and have provided FMC with their personally identifiable information and protected health information.
The lawsuits say FMC should have been more aware of data security obligations, with a recent increase in data breaches in the healthcare industry.
Legal teams have also said the entire healthcare industry is a “soft target” for a data breach, given that hospitals “sit on a gold mine of sensitive personally identifiable information for thousands of patients at any time,” according to the Schafer petition. .
“FMC has failed to disclose nearly full details of the data breach and its investigation,” Schafer’s petition alleges. “In the absence of such disclosure, questions remain as to the full extent of the data breach, the actual data accessed and disclosed, and what steps, if any, FMC has taken to secure the (personally identifiable and protected health information) still in its possession. Plaintiff seeks to determine the extent of the data breach and the information involved, to obtain a remedy that has repaired the harm caused to the interests of Plaintiff and Class Members and to ensure that FMC puts appropriate measures in place to prevent similar incidents from happening in the future.”
The petitions allege that because of this breach, FMC violated the Health Insurance Portability and Accountability Act and breached the company’s obligations to the complainants and all patients affected by this data breach.
In the motions, the causes of action plaintiffs claim against FMC in these respective lawsuits range from negligence to breach of fiduciary duty and breach of implied contract. The purpose of the lawsuit is for plaintiffs and related parties to the lawsuit to obtain appropriate monetary relief, injunctive and declaratory relief, and reasonable attorneys’ fees. Each of the petitions also called for a jury trial, “of all claims … if justiciable.”
And after?
After the business consolidation order was approved in mid-November, documents that have since been filed include notice to attorneys and parties of the consolidation order.
Other documents that have been filed in this case include motions for attorneys to appear in the “Pro Hac Vice” case. This term is one that the Legal Information Institute at Cornell Law School defines as “a legal term for adding an attorney to a case in a jurisdiction in which he or she is not licensed to practice in such a way that the attorney does not not commit unauthorized”. practice of law”.
MyHighPlains.com has reached out to Family Practice Centers for comment on this story. Steve Smith, CEO of the FMC Health Network, issued the following statement:
“We are unable to comment on pending litigation, however, we take the privacy and protection of our patient information very seriously. We continually improve the security of our network environment by monitoring the evolving cybersecurity landscape and taking appropriate action.
Steve Smith, CEO of the FMC Health Network
MyHighPlains.com has also contacted Ben Barnow of Barnow and Associates, PC and Gary E. Mason of Mason LLP, the two attorneys who are acting as acting co-lead counsel on behalf of the plaintiffs in this consolidated action. The story will be updated if they respond to the request for comment.
This is a developing story. MyHighPlains.com will update this article as new information becomes available.
Download the KAMR Local 4 News app on the App Store or Google Play for updates on the go.
Sign up for email updates from MyHighPlains.com to see the best stories, every day.
Check with MyHighPlains.com to see the latest local news, weather and event updates.
#Family #Practice #Centers #Data #Breach #Lawsuits #Combined #Potter #County #Lawsuit