Legislation & Litigation , Standards, Regulations & Compliance

NextGen Facing a Dozen Lawsuits So Far Following Breach

Proposed Class Actions - All Filed in Same Georgia Court - Allege Negligence
NextGen Facing a Dozen Lawsuits So Far Following Breach
Image: NextGen

Cloud-based electronic health records vendor NextGen Healthcare is facing a dozen proposed class action lawsuits filed during the last week in the same Georgia federal court following the company's disclosure this month of a data breach affecting 1 million individuals.

See Also: Enterprise Browser Supporting Healthcare, Cyber Resilience

The lawsuits allege similar claims, including that NextGen was negligent in failing to protect individuals' sensitive information, putting them at risk for identity and fraud crimes.

NextGen disclosed May 5 that it had undergone a hacking incident involving "unauthorized access to database stemming from use of stolen client credentials that appear to have been stolen from other sources or incidents unrelated to NextGen" (see: Cloud-Based EHR Vendor Notifying 1 Million of Data Breach).

Affected information includes individuals' names, birthdates, addresses and Social Security numbers.

That breach report to regulators followed a separate incident that NextGen was investigating in January during a time when the ransomware-as-a-service gang BlackCat, also known as Alphv, briefly listed the company on its data leak site (see: 2 Vendors Among BlackCat's Alleged Recent Ransomware Victims).

NextGen told Information Security Media Group in a May 8 statement that the two hacks had been separate incidents.

A complaint filed last week by Scott Phillips, a lead plaintiff in one of the proposed class action lawsuits, alleges that NextGen should have been prepared for a second hacking incident. The company "was keenly aware of its status as a prime target" for cyberattacks, his suit states.

Phillips' proposed class action lawsuit - similar to the relief being sought by the other lawsuits - is seeking damages as well as a court order to prohibit and prevent NextGen from continuing to engage in alleged "unlawful acts, omissions, and practices" involving its data security and privacy.

NextGen did not immediately respond to ISMG's request on Tuesday for comment on the proposed class action lawsuits.


About the Author

Marianne Kolbasuk McGee

Marianne Kolbasuk McGee

Executive Editor, HealthcareInfoSecurity, ISMG

McGee is executive editor of Information Security Media Group's HealthcareInfoSecurity.com media site. She has about 30 years of IT journalism experience, with a focus on healthcare information technology issues for more than 15 years. Before joining ISMG in 2012, she was a reporter at InformationWeek magazine and news site and played a lead role in the launch of InformationWeek's healthcare IT media site.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.