Wright & Filippis LLC

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

Wright & Filippis LLC, a Michigan-based provider of prosthetics, orthotics, and accessibility solutions, experienced a significant data breach between January 26 and January 28, 2022. This cybersecurity incident, which culminated in a ransomware attack, led to unauthorized access to or acquisition of certain files or accounting records. The breach potentially impacted the protected health information (PHI) and personally identifiable information (PII) of approximately 877,584 individuals. The compromised information included names, dates of birth, Social Security numbers, financial account numbers, health insurance information, and driver’s license numbers[1][4][7].

In response to the breach, Wright & Filippis took immediate steps to secure its systems and investigate the nature and scope of the incident. The company implemented a series of cybersecurity enhancements, including the installation of additional endpoint detection and response software, resetting all passwords, and rebuilding affected servers. Despite these measures, the breach led to several class action lawsuits, which were later consolidated into a single lawsuit. The plaintiffs alleged that Wright & Filippis was negligent due to the failure to implement reasonable and appropriate security measures to protect patients’ sensitive data and unnecessarily delayed issuing breach notifications[4].

A settlement was proposed to resolve the claims, with Wright & Filippis agreeing to a $2.9 million settlement. This settlement aims to cover administrative expenses, notice, costs, and fee and service awards. Under the terms of the settlement, class members can submit a claim for up to $5,000 to cover documented losses and a claim for credit monitoring services. Alternatively, class members can choose to receive a cash payment from the remaining settlement fund after other expenses have been paid. Lead plaintiffs are set to receive a service award of $1,500[3][4].

The settlement received preliminary approval from a Michigan federal court, and a final fairness hearing is scheduled for May 16, 2024. Impacted individuals have the opportunity to submit a claim before the final fairness hearing[6]. Wright & Filippis has also committed to improving its data security measures as part of the settlement agreement[3].

Citations:

  1. https://www.firsttoserve.com/notice/
  2. https://www.hipaajournal.com/2022-healthcare-data-breach-report/
  3. https://www.masonllp.com/news_post/wright-filippis-data-breach-class-action-settles-for-2-9-million/
  4. https://www.hipaajournal.com/wright-filippis-proposes-2-9-million-class-action-data-breach-settlement/
  5. https://www.wilx.com/2022/11/28/michigan-based-company-wright-filippis-announces-past-data-breach/
  6. https://shublawyers.com/cases/wright-filippis-settlement/
  7. https://www.gs-legal.com/blog/2022/11/wright-filippis-llc-data-breach-investigation/
  8. https://www.jdsupra.com/legalnews/wright-filippis-files-notice-of-data-3499228/
  9. https://www.classaction.org/news/wright-and-filippis-failed-to-prevent-2022-data-breach-that-impacted-over-877k-patients-class-action-alleges
Breach Submission Date Nov 18, 2022
Converted Entity Name Wright & Filippis LLC
Converted Entity Type Healthcare Provider
State MI
Individuals Affected 877,584
Breach Type Hacking/IT Incident

Breach Information Location Network Server

Business Associate Present Yes