Milberg Files JDC Healthcare Data Breach Class Action Lawsuit
by Brian Eckert
Attorneys for Milberg Coleman Bryson Phillips Grossman PLLC (“Milberg”) have filed a class action lawsuit stemming from a data breach at a Texas dental services provider that exposed the personal information, including the protected health information, of more than 1 million patients.
Milberg’s lawsuit asserts claims for negligence, breach of implied contract, negligence per se, breach of fiduciary duty, invasion of privacy, and unjust enrichment and seeks compensatory damages, reimbursement of out-of-pocket costs, injunctive relief, and other remedies on behalf of the plaintiffs and the proposed class.
2021 Cyber Incident Targeted PII, PHI of Texas Residents
JDC Healthcare Management LLC provides dental care services at more than 70 Jefferson Dental & Orthodontics clinics in Texas and Oklahoma. The company states on the About Us section of its website that it opened its first office in 1967 and is focused on the idea that “our care changes people’s lives.”
Of the 1,862 recorded data breaches that occurred in 2021, 330 of them (17.7%) were in the medical or healthcare industry.
However, an apparent lack of care in the way that JDC protects patient information has changed its patients’ lives, and not for the better. Approximately 1,026,820 JDC patients had their personally identifiable information (PII) and protected health information (PHI) exposed in a 2021 data breach. In a March 2022 data breach notification sent to impacted individuals, JDC admits to a “malware incident” that occurred from July 27, 2021 to August 16, 2021 and likely exposed information that includes:
- Clinical information
- Social Security numbers
- Driver’s license numbers
- Dates of birth
- Health insurance information
- Financial information
JDC says that “the investigation to determine the full scope of information affected is ongoing.” The healthcare provider did not specify the type of cyberattack that it suffered—only that it was a “malware incident” on “certain company systems” and that those systems were temporarily taken offline. According to Security Week, this suggests that ransomware might have been used in the cyberattack.
Last year, the number of reported data breaches increased 68% to a record-high 1,862, reports CNET, citing data from the Identity Theft Resource Center. The previous record of 1,506 was set in 2017. Of the 1,862 recorded data breaches, 330 of them (17.7%) were in the medical or healthcare industry. The 330 breaches exposed more than 28 million sensitive records. In 2020, 306 medical/healthcare breaches exposed 9.7 million sensitive records.
Milberg Lawsuit Looks to Establish Data Breach Class
Milberg states in its complaint that, in light of recent high profile cybersecurity incidents at other healthcare partner and provider companies, JDC “knew or should have known that its electronic records would be targeted by cybercriminals.”
The lawsuit accuses JDC of failing to properly maintain and safeguard its computer systems and data. Specifically, JDC allegedly did not comply with FTC guidelines for implementing reasonable data security practices, ignored industry best practices such as using multi-layer security and encryption, and violated HIPAA standards of care.
Anyone whose private information was compromised in the JDC Healthcare data breach may be eligible to join Milberg’s class action lawsuit.
“Defendant negligently and unlawfully failed to safeguard Plaintiffs’ and Class Members’ Private Information by allowing cyberthieves to access, and hold hostage, JDC’s IT systems, which contained unsecured and unencrypted Private Information,” states the complaint.
As a result, “Plaintiffs and Class Members now face an increased risk of fraud and identity theft,” the complaint adds.
At the time it issued a data breach notification, JDC said that there was “no evidence of actual or attempted misuse of data.” But as detailed in Milberg’s lawsuit, data breach victims are at risk of fraud and identity theft for years following a cybersecurity incident. Medical data breach victims can also face a deterioration in the quality of care they receive.
The lead plaintiffs in the case have suffered ascertainable losses from the JDC cyberattack, including:
- Out-of-pocket expenses and the value of their time incurred to mitigate the effects of the data breach
- Emotional distress
- The imminent risk of future harm caused by the compromise of their sensitive personal information
- The loss of the benefit of the bargain they made with JDC (paying for a service that should have been accompanied by adequate data security).
On behalf of others similarly affected by the data breach, they seek to establish a class consisting of:
All persons whose Private Information was compromised as a result of the July – August 2021 Data Breach, for which JDC provided notice on or about February 25, 2022.
Milberg: A National Leader in Class Action and Data Breach Litigation
Milberg pioneered federal class action litigation more than 50 years ago and set a new standard for holding corporations accountable. Today, the firm remains a national leader in class action and data breach lawsuits, with a track record of successfully defending consumers’ rights against companies like Anthem, Capital One, Equifax, Facebook, Google, and Yahoo.