Mississippi Gulf Coast-based Bienville Orthopaedic Specialists, LLC (BOS) is facing a potential class action lawsuit after a cyberattack on its computer systems earlier this year.
Bienville Orthopaedic Specialists Sued Over Data Breach
2 min read Premium comments
Secondary#bienvilleorthopaedicspecialists
Seven class action lawsuits were filed last month against BOS in the United States District Court for the Southern District of Mississippi. The lawsuits were initiated by current and former patients of BOS and could involve approximately 242,986 class members if granted class-action status.
In a September 2023 notice regarding the data privacy event, BOS stated the following: “On March 5, 2023, BOS became aware of a cyberattack on our computer systems. We promptly took steps to secure our systems and began an investigation into the nature and scope of the incident. The investigation determined that in connection with the incident there was unauthorized access to certain systems in our environment between February 3, 2023, and March 5, 2023, and as a result, certain data stored on our systems was subject to unauthorized acquisition on March 4, 2023. We then undertook a comprehensive review of the affected data to identify what information was within the files at issue. On July 31, 2023, we determined that information in the files at issue contained protected health information and that some of that information related to current and former patients.”
According to Bienville Orthopaedic Specialists, compromised data from the files included: names, Social Security numbers, medical information, health insurance information, usernames and passwords, financial account information, and driver’s license numbers.
A number of the plaintiffs are alleging that the data breach was a “direct result of Defendant’s [BOS] failure to implement adequate and reasonable cyber-security procedures and protocols necessary to protect its clients’ patients’ Private Information from a foreseeable and preventable cyber-attack.” Complaints include allegations of negligence, breach of implied contract, breach of fiduciary duty, invasion of privacy, and unjust enrichment.
BOS provides orthopedic care at five locations on the Mississippi Gulf Coast. In a recent pleading, BOS asserts that it “was a victim of a cyber-attack.”
Past data breaches and cyberattacks have cost hospitals, clinics, and health insurance companies. For OTW’s previous coverage of cyberattacks, see “The Price of a Data Breach,” “Banner Health Agrees to Pay $6 Million for Data Breach,” “Victims Can Sue Ortho Clinics if Data Hacked,” and “Anthem Pays a Record $16 Million to Settle Data Breach.”
React:
Discussion
This is a fascinating development. In my practice we've seen similar outcomes with the revised protocol. The key differentiator seems to be patient selection criteria. Has anyone else noticed the correlation with BMI thresholds?
Great point. I'd push back slightly on the conclusion, the sample size in the cited study is too small to draw population-level inferences. That said, the directional signal is compelling and worth a larger RCT.
We implemented a similar approach last year. Early results are promising but we're still gathering 12-month follow-up data. Happy to share our protocol if anyone is interested.
Join the conversation
Orthopedic professionals are discussing this. Sign in and upgrade to read every comment and add your voice.