A lawsuit has been filed against Great Valley Cardiology in Scranton, Pa., an affiliate of Commonwealth Health System, following a data breach that compromised the personal information of 181,764 patients, according to a June 26 report from The Times-Tribune.
The lawsuit has been filed by attorney Andrew Ferich on behalf of lead plaintiff Michele Jarrow, a patient impacted by the cyberattack, against the Commonwealth network and Great Valley Cardiology.
The lawsuit alleges that GVC compounded the potential injury to its patients by waiting almost two months to notify the general public of the breach. The breach first occurred on Feb. 2 and was discovered on April 13. Patients were alerted on June 12.
Mr. Ferich alleges that the breach was a result of GVC's failure to implement "adequate and reasonable" procedures to protect from cyberattacks.
"GVC's failure to timely notify the victims of its data breach meant that plaintiff and class members were unable to immediately take affirmative measures to prevent or mitigate the resulting harm," the suit reads.
The suit alleges that Ms. Jarrow suffered harm from the data breach before she was even alerted by the practice, receiving a notice from computer security software McAfee that her personal information was found on the dark web.
Commonwealth Health told patients it needed the two-month period to conduct a forensic audit before alerting the general public.
The lawsuit seeks damages on multiple counts, including negligence, breach of fiduciary duty, breach of contract and unjust enrichment.