Tech company Connexin has agreed to pay $4 million to end class action claims that it was responsible for a data breach that exposed millions of children’s private medical records to a hacker group in 2022.
The news comes after parents sued the company last year, alleging Connexin’s negligence allowed a group named “TommyLeaks” to target and steal the data of about three million young Americans.
Connexin provides recordkeeping services to pediatric officers around the country. The data stolen by the hackers included names, addresses, medical history, social security numbers and billing information, the settlement states, the plaintiffs alleged. Connexin filed the settlement agreement on Feb. 14 in a Pennsylvania federal court.
Connexin provides recordkeeping services to over 9,000 pediatricians across 49 states, according to a class action lawsuit filed against the company in Jan. 2023.
That meant that when one of the company’s servers was hit by the hacking group “TommyLeaks” in August 2022, the hackers had access to the personal data of about three million people – many of them children – the settlement says.
The company started notifying victims of the hack or their parents in December, 2022. However, parents who sued the company alleged the damage was already done.
In the class action lawsuit filed against Connexin by Sandra Rodriguez, the Texas mom-of-two argued that her children’s private information was “now in the hands of criminals.”
Rodriguez alleged that Connexin was negligent in its data security practices, and could have prevented the hack. Her children were patients at Northeast Pediatric Night Clinic in El Paso, she said, and both had their private data leaked.
She said her kids now face a substantial increased risk of identity theft, and that the harm is amplified when it comes to child victims.
“Children are not even participating in the economy and by the time they grow up, join the workforce and get health insurance, their identity may belong to someone else,” she stated.
The settlement will apply to anyone whose data was compromised in the 2022 Connexin hack, the agreement states. Lawyers for the plaintiffs will seek one-third of the settlement fund.
The cyberattack is one of a growing number of cyber threats impacting hospitals and health care centers across the United States, potentially opening up patients' private data to cybercriminals and interrupting people’s quality of medical care.
Just two weeks ago, a cyberattack paralyzed the largest U.S. billing and payment system in the country, the New York Times reported. The attack forced the shutdown of parts of the electronic system operated by Change Healthcare, of UnitedHealth Group, leaving hundreds of providers without the ability to obtain insurance approval for health services.
In December, a group of New York hospitals and health care centers were targeted in a cyberattack that for two months allowed hackers to access patients' private information, CBS reported.
According to the FBI, there were at least 249 ransomware attacks against health care and public health organizations in the United States in 2023.
Loading...
Injury Claims keeps you informed about lawsuits large and small that could affect your daily life. We simplify the complexities of class actions lawsuits, open class action settlements, mass torts, and individual cases to ensure you understand how these legal matters could impact your rights and interests.
If you think a recent legal case might affect you, action is required. Select a class action lawsuit or class action settlement, share your details, and connect with a qualified attorney who will explain your legal options and assist in pursuing any compensation due. Take the first step now to secure your rights.