We previously reported that 21st Century Oncology (21st Century) experienced a data breach of up to 2.2 million patient records that compromised the names, Social Security numbers and health and diagnostic information [view related posts here and here]. It began notifying patients on March 4, and delayed notification at the request of law enforcement. 21st Century was sued days later by patients stating that it violated the Florida Deceptive and Unfair Trade Practices Act and the Fair Credit Reporting Act.
On March 30, 21st Century was hit with a second proposed class action suit alleging that it failed to properly secure the patient records, and failed to notify the patients in a timely manner, despite specifically being asked not to by law enforcement. Further, the suit alleges unjust enrichment, claiming that a portion of the amounts paid by patients should have been used for data security.
The plaintiffs complain that 21st Century notified the SEC and investors, but thereafter waited a week to notify patients. The named plaintiff alleges that his information was used to try to open several credit card accounts.
Interestingly, the Federal Trade Commission issued a blog alert yesterday (April 4, 2016) about the breach and providing consumers with information about what they can do if they get a notification letter from 21st Century.