Radiology practice must pay $1.85M to settle class action lawsuit stemming from cyberattack

A New York radiology group must pay $1.85 million to settle a class action lawsuit filed following a cybersecurity incident. 

East River Medical Imaging PC experienced the data breach sometime between August and September 2023. The attack potentially impacted over 533,000 individuals, with leaked information including names, contact and insurance info, exam details and Social Security numbers. 

Attorneys representing the affected patients filed suit in December. After nearly a year, the case is set to close, with a court hearing slated for Oct. 22 to grant final approval of the seven-figure settlement. Plaintiff attorney Benjamin F. Johns estimated that about 20,000 individuals have now filed claims seeking a share of the payout. 

“We’re very pleased with the settlement and we think the results of the notice-plan and the high participation evidenced from that confirm this is a very good settlement,” Johns, a co-founding partner with Conshohocken, Pennsylvania-based Shub & Johns LLC, told Radiology Business. “We look forward to presenting it to the court for final approval next week.” 

East River Medical Imaging did not immediately respond to a request for comment Wednesday. Founded in 1970, the practice employs about 10 radiologists operates three locations in the Upper East Side, Lenox Hill and Sutton Place areas of Manhattan, and has a fourth in Westchester County. 

Shub & Johns attorneys filed the first class-action suit against East River on Dec. 5 in the Supreme Court of New York. On Feb. 5, the court issued an order appointing Johns as one of two interim co-lead plaintiffs’ counsel, according to a recap published by the law firm. Attorneys later filed a consolidated complaint on March 26. 

A judge granted preliminary approval for the settlement on April 16. Affected individuals have until Oct. 22 to file a claim, with class members able to collect a maximum of $7,500, according to a website set up to facilitate the settlement. 

Johns said he believes the lawsuit provides a case study for what to do if facing such cyberattack. 

“It’s important to remind medical practices that they are a frequent target for these data breaches. So, it’s all the more important that this sensitive data they’re tasked with protecting is adequately safeguarded,” he said by phone. “In this case, credit to the defendant. They recognized that this was a problem and did the right thing by coming to the settlement table and reaching a deal we think is fair for our clients.”

Marty Stempniak

Marty Stempniak has covered healthcare since 2012, with his byline appearing in the American Hospital Association's member magazine, Modern Healthcare and McKnight's. Prior to that, he wrote about village government and local business for his hometown newspaper in Oak Park, Illinois. He won a Peter Lisagor and Gold EXCEL awards in 2017 for his coverage of the opioid epidemic. 

Around the web

The patient, who was being cared for in the ICU, was not accompanied or monitored by nursing staff during his exam, despite being sedated.

The nuclear imaging isotope shortage of molybdenum-99 may be over now that the sidelined reactor is restarting. ASNC's president says PET and new SPECT technologies helped cardiac imaging labs better weather the storm.

CMS has more than doubled the CCTA payment rate from $175 to $357.13. The move, expected to have a significant impact on the utilization of cardiac CT, received immediate praise from imaging specialists.