Connexin Software, Inc.

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

Connexin Software, Inc. Data Breach Overview

Connexin Software, Inc., also known as Office Practicum, experienced a significant data breach in August 2022. The breach affected over 2.2 million pediatric patients and involved unauthorized access to an offline set of patient data used for data conversion and troubleshooting[2][7]. The compromised data included patient demographic information, Social Security Numbers, health insurance information, medical and treatment information, and billing and claims information[2][5]. The breach did not affect the live electronic medical record system or any pediatric practice group’s systems, databases, or medical records[2].

Legal Actions and Settlement

Following the breach, Connexin Software faced multiple lawsuits for allegedly failing to safeguard healthcare and personally identifiable information. A class action lawsuit was filed against the company, accusing it of inadequate protection of its computer network and delaying the public disclosure of the breach[6]. In response to the litigation, Connexin Software agreed to a $4 million settlement to resolve the privacy suit over the breached information[3][4]. The settlement was proposed to avoid bankruptcy and awaits court approval[13][14].

Measures Taken by Connexin Software

In the aftermath of the breach, Connexin Software took several steps to enhance its security and monitoring capabilities. The company engaged a third-party cybersecurity forensic firm to investigate the issue and is working with law enforcement[2]. Connexin also offered identity monitoring services for one year at no cost through a third-party vendor for those whose Social Security numbers were impacted[2].

Impact on Pediatric Practices

The breach impacted nearly 120 pediatric physician practices and practice groups[7]. Connexin Software began mailing notices to impacted patients and has set up a call center for families to call with questions about the incident[8]. The company has also hardened its systems to prevent future incidents[7].

Current Status

As of the latest updates, parties in the Connexin Software data breach litigation have proposed a $4 million settlement to the court, and a motion for preliminary approval of the settlement has been filed[4]. The case is still pending, and the affected parties are awaiting the court’s order granting the plaintiff’s motion[4].

Citations:

  1. https://www.hipaajournal.com/another-lawsuit-filed-against-connexin-software-over-2-2-million-record-data-breach/
  2. https://www.databreaches.net/connexin-software-notifies-parents-of-2-2-million-pediatric-patients-of-hack/
  3. https://www.law360.com/healthcare-authority/other/articles/1798009/software-co-inks-4m-deal-in-privacy-suit-over-breached-info
  4. http://shublawyers.com/current-cases/connexin-prelim-approval-settlement/
  5. https://www.classaction.org/pediatric-data-breach-connexin
  6. https://www.law.com/thelegalintelligencer/2023/01/09/data-breach-class-action-alleges-software-company-failed-to-protect-data-delayed-disclosures/
  7. https://healthitsecurity.com/news/third-party-data-breach-impacts-119-pediatric-practices-2.2m-patients
  8. https://www.yourcentralvalley.com/news/local-news/valley-childrens-medical-group-data-security-incident/
  9. https://www.edelson-law.com/consumer-protection-consumer-fraud/connexin-software-inc-data-breach-investigation/
  10. https://jamaica-gleaner.com/gleaner/20121025/news/news4.html
  11. https://www.classaction.org/news/connexin-software-hit-with-class-action-over-pediatrician-data-breach-affecting-2m-plus-patients
  12. https://www.mychesco.com/a/news/pennsylvania/significant-health-care-data-breaches-you-should-know-about-in-pennsylvania/
  13. https://www.hipaajournal.com/connexin-software-settlement-avoid-bankruptcy/
  14. https://www.law360.com/articles/1798009/software-co-inks-4m-deal-in-privacy-suit-over-breached-info
  15. https://shublawyers.com/news/connexin-software-amended-class-action-complaint/
Breach Submission Date Nov 11, 2022
Converted Entity Name Connexin Software, Inc.
Converted Entity Type Business Associate
State PA
Individuals Affected 2,675,934
Breach Type Hacking/IT Incident

Breach Information Location Network Server

Business Associate Present Yes