Preliminary Approval For EmergeOrtho Data Breach Lawsuit

A settlement resolving a data breach class action filed by Milberg attorneys against an orthopedic practice in North Carolina has received preliminary court approval. Milberg was appointed as Class Counsel in the matter. A Final Approval Hearing is scheduled for June.

EmergeOrtho Suffers 2022 Ransomware Attack

In August 2022, EmergeOrtho, a Durham, North Carolina orthopedic practice, notified more than 70,000 patients of a ransomware attack on some of its computer systems.

The company said in a data breach notification that patients’ personal information was “accessed” but not whether it was exfiltrated. The notice also does state if the files were encrypted, the identity of the attackers, or what their ransom demand was.

A record 133 million people had their healthcare data stolen or exposed in 2023.

Affected files include first and last names, addresses, Social Security numbers, and dates of birth, but not medical records, treatment information, or financial and payment card information, according to the notice.

EmergeOrtho’s response to the security incident involved hiring a forensic investigation firm, enhancing system security, and providing affected patients with credit monitoring services for 12 months.

Lawsuit and Preliminary Settlement Details

Daniel Green, who was among the group of patients to receive a notice from EmergeOrtho, filed a data breach class action lawsuit on September 12, 2022. His complaint asserted claims for negligence, invasion of privacy, breach of fiduciary duty, breach of contract, and violations of North Carolina’s Unfair and Deceptive Trade Practices Act.

Green is represented by class action attorneys from Milberg. The case is Green v. EmergeOrtho PA, case number 22 CVS 3533, in the North Carolina Business Court.

On February 26, 2024, a Business Court judge preliminarily approved a settlement that provides for the creation of a $550,000 settlement fund. The judge’s order defines a settlement class of approximately 72,500 individuals who were issued an EmergeOrtho data breach notice. It also names Milberg as Settlement Class Counsel.

EmergeOrtho has taken steps to implement additional security measures and has provided training to its employees to protect against similar incidents.

Under the agreement, settlement class members are eligible to file claims for compensation, including up to $10,000 for out-of-pocket losses and reimbursement for lost time of up to six hours. Class members can additionally claim two years of credit bureau monitoring.

“The Court hereby preliminarily approves the Settlement, as embodied in the Settlement Agreement, as being fair, reasonable and adequate to the Settlement Class, subject to further consideration at the Final Approval Hearing,” the order states.

The Final Approval Hearing is set to take place June 11, 2024 at 9:30 AM in Courtroom 6370 of the Mecklenburg County Courthouse located at 832 East Fourth Street, Charlotte, North Carolina.

EmergeOrtho will provide a list of Settlement Class members within 7 days of the settlement’s preliminary approval. Anyone who receives notice of the class action settlement is eligible to receive payment from the settlement fund.

Healthcare Hackers Wreaking Havoc

A record 133 million people had their healthcare data stolen or exposed in 2023. And two months into 2024, there’s been no letup in healthcare data breaches.

The 11.6 million people who’ve had their health data exposed so far this year represents the highest number for the first two months of any year since 2015, reports Modern Healthcare.

Sixty-one data breaches of 500 or more records were reported to the U.S. Department of Health and Human Services in January—45% higher than in January 2023. The total number of healthcare records breached in January 2024 was 8,800,875, with the largest cyberattack affecting 8.95 million individuals.

An IBM report from February found that healthcare organizations are failing to implement “basic security measures” such as multi-factor authentication. HHS is attempting to address this shortcoming with its recently unveiled voluntary Cybersecurity Performance Goals.

Milberg: A National Leader in Healthcare Data Breach Litigation

The EmergeOrtho settlement is the latest Milberg effort to hold healthcare organizations responsible for lax data security measures that threaten patient privacy. In the past year we’ve filed data breach lawsuits against JDC Healthcare Management, Norton Healthcare, Maxim Healthcare, and other health provider companies.

Since 1965, Milberg—the firm that pioneered federal class action litigation—has filed thousands of class actions, won billions for our clients, set groundbreaking legal precedents, and prompted meaningful changes in how big companies do business.