Connexin Software, Inc.
Your Personal Info Could Be
Exposed Online After
This Hospital Breach
Breach Description
Connexin Software, Inc. Data Breach Overview
Connexin Software, Inc., also known as Office Practicum, experienced a significant data breach in August 2022. The breach affected over 2.2 million pediatric patients and involved unauthorized access to an offline set of patient data used for data conversion and troubleshooting[2][7]. The compromised data included patient demographic information, Social Security Numbers, health insurance information, medical and treatment information, and billing and claims information[2][5]. The breach did not affect the live electronic medical record system or any pediatric practice group’s systems, databases, or medical records[2].
Legal Actions and Settlement
Following the breach, Connexin Software faced multiple lawsuits for allegedly failing to safeguard healthcare and personally identifiable information. A class action lawsuit was filed against the company, accusing it of inadequate protection of its computer network and delaying the public disclosure of the breach[6]. In response to the litigation, Connexin Software agreed to a $4 million settlement to resolve the privacy suit over the breached information[3][4]. The settlement was proposed to avoid bankruptcy and awaits court approval[13][14].
Measures Taken by Connexin Software
In the aftermath of the breach, Connexin Software took several steps to enhance its security and monitoring capabilities. The company engaged a third-party cybersecurity forensic firm to investigate the issue and is working with law enforcement[2]. Connexin also offered identity monitoring services for one year at no cost through a third-party vendor for those whose Social Security numbers were impacted[2].
Impact on Pediatric Practices
The breach impacted nearly 120 pediatric physician practices and practice groups[7]. Connexin Software began mailing notices to impacted patients and has set up a call center for families to call with questions about the incident[8]. The company has also hardened its systems to prevent future incidents[7].
Current Status
As of the latest updates, parties in the Connexin Software data breach litigation have proposed a $4 million settlement to the court, and a motion for preliminary approval of the settlement has been filed[4]. The case is still pending, and the affected parties are awaiting the court’s order granting the plaintiff’s motion[4].
Citations:
- https://www.hipaajournal.com/another-lawsuit-filed-against-connexin-software-over-2-2-million-record-data-breach/
- https://www.databreaches.net/connexin-software-notifies-parents-of-2-2-million-pediatric-patients-of-hack/
- https://www.law360.com/healthcare-authority/other/articles/1798009/software-co-inks-4m-deal-in-privacy-suit-over-breached-info
- http://shublawyers.com/current-cases/connexin-prelim-approval-settlement/
- https://www.classaction.org/pediatric-data-breach-connexin
- https://www.law.com/thelegalintelligencer/2023/01/09/data-breach-class-action-alleges-software-company-failed-to-protect-data-delayed-disclosures/
- https://healthitsecurity.com/news/third-party-data-breach-impacts-119-pediatric-practices-2.2m-patients
- https://www.yourcentralvalley.com/news/local-news/valley-childrens-medical-group-data-security-incident/
- https://www.edelson-law.com/consumer-protection-consumer-fraud/connexin-software-inc-data-breach-investigation/
- https://jamaica-gleaner.com/gleaner/20121025/news/news4.html
- https://www.classaction.org/news/connexin-software-hit-with-class-action-over-pediatrician-data-breach-affecting-2m-plus-patients
- https://www.mychesco.com/a/news/pennsylvania/significant-health-care-data-breaches-you-should-know-about-in-pennsylvania/
- https://www.hipaajournal.com/connexin-software-settlement-avoid-bankruptcy/
- https://www.law360.com/articles/1798009/software-co-inks-4m-deal-in-privacy-suit-over-breached-info
- https://shublawyers.com/news/connexin-software-amended-class-action-complaint/