Legislation & Litigation , Standards, Regulations & Compliance
NextGen Facing a Dozen Lawsuits So Far Following Breach
Proposed Class Actions - All Filed in Same Georgia Court - Allege NegligenceCloud-based electronic health records vendor NextGen Healthcare is facing a dozen proposed class action lawsuits filed during the last week in the same Georgia federal court following the company's disclosure this month of a data breach affecting 1 million individuals.
See Also: Enterprise Browser Supporting Healthcare, Cyber Resilience
The lawsuits allege similar claims, including that NextGen was negligent in failing to protect individuals' sensitive information, putting them at risk for identity and fraud crimes.
NextGen disclosed May 5 that it had undergone a hacking incident involving "unauthorized access to database stemming from use of stolen client credentials that appear to have been stolen from other sources or incidents unrelated to NextGen" (see: Cloud-Based EHR Vendor Notifying 1 Million of Data Breach).
Affected information includes individuals' names, birthdates, addresses and Social Security numbers.
That breach report to regulators followed a separate incident that NextGen was investigating in January during a time when the ransomware-as-a-service gang BlackCat, also known as Alphv, briefly listed the company on its data leak site (see: 2 Vendors Among BlackCat's Alleged Recent Ransomware Victims).
NextGen told Information Security Media Group in a May 8 statement that the two hacks had been separate incidents.
A complaint filed last week by Scott Phillips, a lead plaintiff in one of the proposed class action lawsuits, alleges that NextGen should have been prepared for a second hacking incident. The company "was keenly aware of its status as a prime target" for cyberattacks, his suit states.
Phillips' proposed class action lawsuit - similar to the relief being sought by the other lawsuits - is seeking damages as well as a court order to prohibit and prevent NextGen from continuing to engage in alleged "unlawful acts, omissions, and practices" involving its data security and privacy.
NextGen did not immediately respond to ISMG's request on Tuesday for comment on the proposed class action lawsuits.