Radiology practice must pay $1.85M to settle class action lawsuit stemming from cyberattack

A New York radiology group must pay $1.85 million to settle a class action lawsuit filed following a cybersecurity incident. 

East River Medical Imaging PC experienced the data breach sometime between August and September 2023. The attack potentially impacted over 533,000 individuals, with leaked information including names, contact and insurance info, exam details and Social Security numbers. 

Attorneys representing the affected patients filed suit in December. After nearly a year, the case is set to close, with a court hearing slated for Oct. 22 to grant final approval of the seven-figure settlement. Plaintiff attorney Benjamin F. Johns estimated that about 20,000 individuals have now filed claims seeking a share of the payout. 

“We’re very pleased with the settlement and we think the results of the notice-plan and the high participation evidenced from that comfirm this is a very good settlement,” Johns, a co-founding partner with Conshohocken, Pennsylvania-based Shub & Johns LLC, told Radiology Business. “We look forward to presenting it to the court for final approval next week.” 

East River Medical Imaging did not immediately respond to a request for comment Wednesday. Founded in 1970, the practice employs about 10 radiologists operates three locations in the Upper East Side, Lenox Hill and Sutton Place areas of Manhattan, and has a fourth in Westchester County. 

Shub & Johns attorneys filed the first class-action suit against East River on Dec. 5 in the Supreme Court of New York. On Feb. 5, the court issued an order appointing Johns as one of two interim co-lead plaintiffs’ counsel, according to a recap published by the law firm. Attorneys later filed a consolidated complaint on March 26. 

A judge granted preliminary approval for the settlement on April 16. Affected individuals have until Oct. 22 to file a claim, with class members able to collect a maximum of $7,500, according to a website set up to facilitate the settlement. 

Johns said he believes the lawsuit provides a case study for what to do if facing such cyberattack. 

“It’s important to remind medical practices that they are a frequent target for these data breaches. So, it’s all the more important that this sensitive data they’re tasked with protecting is adequately safeguarded,” he said by phone. “In this case, credit to the defendant. They recognized that this was a problem and did the right thing by coming to the settlement table and reaching a deal we think is fair for our clients.”