MS Coast orthopedic practice faces lawsuits over ‘massive’ patient data breach

Anita Lee
·2 min read

Multiple lawsuits have been filed against Bienville Orthopaedic Specialists LLC over a data breach that at least one of the suits claims might have affected more than 240,000 people.

The medical group, which serves patients Coastwide and has 17 doctors, discovered the “massive and preventable cyberattack” around March 5, the lawsuit says, but didn’t begin notifying those who could have been affected until Sept. 1.

Potential victims, the lawsuit says, “were unaware that their sensitive private information had been compromised and that they were, and continue to be, at significant risk of identity theft and various other forms of personal, social and financial harm.”

The lawsuits are filed in U.S. District Court in Gulfport. Attorneys for those who filed the lawsuits are seeking class-action status, which means one or more plaintiffs would be selected to represent a larger group potentially injured by the data breach.

U.S. District Judge Louis Guirola, who is presiding over the cases, will decide whether they have enough in common for class-action status or should proceed individually.

Lee Bond, the chief executive officer for Bienville Orthopaedic, said the medical group is contemplating its own legal action to have the lawsuits declared “frivolous,” which could mean sanctions against the firms that filed them.

Law firms from Puerto Rico, Cincinnati, Birmingham and other locations that specialize in class-action litigation are associated with the cases.

“We are not aware of a single instance of any patient information being utilized,” Bond said. He said the cyber attackers did ask for a ransom but declined to say whether one was paid.

Medical data targeted for identity theft

The lawsuit points out that medical data is valuable to identity thieves who can use it to see doctors, get prescriptions and file insurance claims. It also can be used to target marketing to patients with specific maladies.

Singing River Health System also was the victim of a recent cyberattack that crippled its computer systems, which have been restored, public relations manager Ashley Butsch said. Singing River also was asked for a ransom but did not pay one, she said.

Singing River has not described details of the cyberattack, discovered in August, or whether patient data was breached. Instead, Butsch said the cyberattack is still under investigation.

One of the lawsuits filed against Bienville accuses the medical practice of negligence, breach of implied contract and unjust enrichment for allegedly failing to invest in adequate data security in exchange for the valuable patient information.

It asks for unspecified monetary damages and that the judge order Bienville to invest in data security and take other measures to protect patient information.