Two more lawsuits filed against Scranton cardiology group over data breach

Two more lawsuits filed against Scranton cardiology group over data breach
Terrie Morgan-Besecker, The Times-Tribune, Scranton, Pa.
July 10, 2023·2 min read
0

Jul. 10—Cybercriminals attempted to access accounts of a Scranton couple who are among clients whose personal information was exposed in a data breach at a Commonwealth Health cardiology group's practice, according to a proposed class-action lawsuit.

Robert and Colleen Maziarz of Scranton say there have been at least six different incidents since April in which their identity and/or banking information was improperly used, including an attempt to withdraw money from a PayPal account. Their credit union also advised them their account had been compromised.

The couple are among approximately 181,000 people whose information was exposed in a February data breach at Great Valley Cardiology and Scranton Cardiovascular Physician Services, LLC in Scranton, which are part of the Commonwealth Health Physician Network.

The lawsuit, filed July 3 in Lackawanna County Court by Philadelphia attorney Patrick Howard, is among three proposed class-action lawsuits filed related to the incident.

It joins a lawsuit Pittsburgh attorney Gary Lynch filed on July 5 in federal court on behalf the lead plaintiff, Timothy Ferguson, no address listed, and a June 22 lawsuit Radnor attorney Andrew Ferich filed in Lackawanna County Court on behalf of lead plaintiff Michele Jarrow of Olyphant.

The lawsuits each seek damages for the lead plaintiffs and all other persons whose information was compromised.

Each of the lawsuits allege the physician's group was negligent for failing to ensure it had adequate measures in place to protect patients' personal data, including Social Security numbers, driver's license numbers, addresses and dates of birth.

The suits also each fault the physicians group, which learned of the breach in April, for waiting until June 12 to notify affected individuals of the breach. The Maziarz and Ferguson lawsuits note the physicians group was unaware of the breach until the Department of Homeland Security alerted it to the issue.

In publicly acknowledging the breach last month, Commonwealth Health said it needed two months after the breach's discovery in April to conduct a forensic audit to identify everyone whose information was potentially compromised.

Attempts to reach officials with Commonwealth Health System for comment Monday were unsuccessful. The health system ordinarily does not comment on pending litigation.