We previously reported that 21st Century Oncology suffered a data breach in October 2015 involving an intrusion into its systems which compromised around 2 million patients’ records, including their names, Social Security numbers, physicians’ names, insurance information, treatment information and diagnoses [view related posts here and here]. As a result of the data breach, sixteen class action cases were filed against the cancer treatment provider in Florida and California.
The suits allege various causes of action, but include violation of the Fair Credit Reporting Act, the Florida Deceptive and Unfair Trade Practices Act, and delay in providing notification to the patients, since the breach occurred in October 2015, 21st Century was alerted to the intrusion by the FBI on November 13, 2015, and patients weren’t notified until March 4, 2016. 21st Century has indicated that the FBI requested a delay in notifying the patients in order to continue the investigation.
The U.S. Judicial Panel on Multidistrict Litigation consolidated all of the cases on October 7, and ordered that the consolidated cases be tried in the Middle District of Florida.