Alliance Healthcare Services plans to ‘vigorously defend’ against ‘unfounded’ PACS-breach lawsuit

Radiology firm Alliance Healthcare Services said it plans to “vigorously defend” itself against a recently proposed class-action lawsuit tied to a picture archiving and communication system breach.

Unauthorized individuals first gained access to 29 patients’ personal information at Northeast Radiology in January 2020. Following the incident, the New York-based practice and its partner Alliance conducted a forensic investigation that found no instances of fraud or identity theft.

However, patients this month have filed suit against the two provider groups, claiming Alliance and Northeast Radiology were lax in responding to the breach. They allege 1.2 million patients’ protected information was exposed, including more than 61 million medical images and charge that the two could have done more proactive.

“As the breach notification states, Alliance HealthCare ‘retained a leading forensic security firm to assist in its investigation and to evaluate systems and processes to further strengthen protections for the PACS’ after the breach occurred,” according to the lawsuit, filed July 8 in the U.S. District Court for the Southern District of New York. “[Alliance and Northeast Radiology] should have taken these steps beforehand to protect the ePHI in their possession and prevent the breach from occurring,” as required by federal guidelines, attorneys claimed.

Irvine, California-based Alliance Healthcare provides a range of radiology services including imaging joint ventures, help with center acquisitions and outsourcing. Alliance first partnered with Northeast Radiology (which has four locations in Connecticut and New York) in 2018 and is now in the process of being acquired by imaging center operator Akumin.

CEO Rhonda Longmore-Grund said the firm “promptly” launched its investigation after the breach, and it found no evidence infiltrators misused personal health information. Northeast Radiology notified all 29 patients impacted by the incident, and “out of an abundance of caution,” all other patients’ whose info was on the same server.

“Alliance intends to vigorously defend the company on this matter, and believes the claims are unfounded,” Longmore-Grund told Radiology Business Monday. “Our dedication to the safety and security of patient records remains our priority,” she added later.

Plaintiffs Jose Aponte II, Lisa Rosenberg and their attorneys are seeking compensation following the incident and asking the court to force Alliance and Northeast Radiology to strengthen their cybersecurity efforts.

Bloomberg Law first reported news of the lawsuit Friday.

Marty Stempniak

Marty Stempniak has covered healthcare since 2012, with his byline appearing in the American Hospital Association's member magazine, Modern Healthcare and McKnight's. Prior to that, he wrote about village government and local business for his hometown newspaper in Oak Park, Illinois. He won a Peter Lisagor and Gold EXCEL awards in 2017 for his coverage of the opioid epidemic. 

Around the web

The patient, who was being cared for in the ICU, was not accompanied or monitored by nursing staff during his exam, despite being sedated.

The nuclear imaging isotope shortage of molybdenum-99 may be over now that the sidelined reactor is restarting. ASNC's president says PET and new SPECT technologies helped cardiac imaging labs better weather the storm.

CMS has more than doubled the CCTA payment rate from $175 to $357.13. The move, expected to have a significant impact on the utilization of cardiac CT, received immediate praise from imaging specialists.