The Supreme Court of Georgia revived a lawsuit accusing Athens (Ga.) Orthopedic Clinic of negligence for a 2016 patient data breach, according to court documents filed Dec. 23.
The court unanimously reversed an appeals court's decision to dismiss the suit — which was filed by Athens Orthopedic Clinic patients affected by a June 2016 cyberattack — ruling that the "injury the plaintiffs allege that they have suffered is legally cognizable."
Hackers from a group called thedarkoverlord reportedly stole credentials from a third-party vendor to infiltrate Athens Orthopedic Clinic's EHR, HealthITSecurity reported. The names, addresses, Social Security numbers, birthdays, phone numbers and medical information of at least 200,000 current and former patients were potentially compromised.
When the clinic refused to pay a ransom, the group reportedly sold patient data on the dark web, putting individuals at higher risk of identity fraud. Athens Orthopedic Clinic patients have since been battling criminal attempts to obtain their credit cards, tax returns and checks, steal their identities, and open accounts in their names, according to the lawsuit.
After reporting the breach, Athens Orthopedic Clinic notified patients that it didn't have insurance to cover credit monitoring and identity theft restoration services.
The patients later sued Athens Orthopedic Clinic for negligence, breach of implied contract and "unjust enrichment." They're seeking damages for the cost of credit monitoring and identity theft protection services, as well as a judgment that the clinic must better secure patient data.
More articles on spine and orthopedics:
SeaSpine launches midline posterior fixation system — 3 insights
AAOS awards highest honor to Dr. Dana Covey
Woman arrested for prescription fraud — 4 insights