Alliance Healthcare Services plans to ‘vigorously defend’ against ‘unfounded’ PACS-breach lawsuit
Radiology firm Alliance Healthcare Services said it plans to “vigorously defend” itself against a recently proposed class-action lawsuit tied to a picture archiving and communication system breach.
Unauthorized individuals first gained access to 29 patients’ personal information at Northeast Radiology in January 2020. Following the incident, the New York-based practice and its partner Alliance conducted a forensic investigation that found no instances of fraud or identity theft.
However, patients this month have filed suit against the two provider groups, claiming Alliance and Northeast Radiology were lax in responding to the breach. They allege 1.2 million patients’ protected information was exposed, including more than 61 million medical images and charge that the two could have done more proactive.
“As the breach notification states, Alliance HealthCare ‘retained a leading forensic security firm to assist in its investigation and to evaluate systems and processes to further strengthen protections for the PACS’ after the breach occurred,” according to the lawsuit, filed July 8 in the U.S. District Court for the Southern District of New York. “[Alliance and Northeast Radiology] should have taken these steps beforehand to protect the ePHI in their possession and prevent the breach from occurring,” as required by federal guidelines, attorneys claimed.
Irvine, California-based Alliance Healthcare provides a range of radiology services including imaging joint ventures, help with center acquisitions and outsourcing. Alliance first partnered with Northeast Radiology (which has four locations in Connecticut and New York) in 2018 and is now in the process of being acquired by imaging center operator Akumin.
CEO Rhonda Longmore-Grund said the firm “promptly” launched its investigation after the breach, and it found no evidence infiltrators misused personal health information. Northeast Radiology notified all 29 patients impacted by the incident, and “out of an abundance of caution,” all other patients’ whose info was on the same server.
“Alliance intends to vigorously defend the company on this matter, and believes the claims are unfounded,” Longmore-Grund told Radiology Business Monday. “Our dedication to the safety and security of patient records remains our priority,” she added later.
Plaintiffs Jose Aponte II, Lisa Rosenberg and their attorneys are seeking compensation following the incident and asking the court to force Alliance and Northeast Radiology to strengthen their cybersecurity efforts.
Bloomberg Law first reported news of the lawsuit Friday.