Data Breach Investigation of Leaked PracticeFirst Medical Management Patient and Employee Information

Migliaccio & Rathod LLP is currently investigating the New York-based medical practice management vendor PracticeFirst Medical Management Solutions, for failing to safeguard sensitive patient and employee information in a data breach that occurred in December of 2020. The data breach was caused by unauthorized access to the company’s network through a ransomware attack in which an unauthorized actor gained access to certain data held in the company’s IT systems. Examples of the types of data exposed in the leak include employee and patient names, addresses, email addresses, dates of birth, driver’s license numbers, social security numbers, diagnoses, laboratory and treatment information, patient identification numbers, medication information, health insurance identification and claims information, tax identification numbers, employee usernames with passwords, employee usernames with security questions and answers, bank account information, and and/or credit/debit card information.

Despite notifying patients that their information was affected in July of 2021, PracticeFirst noted in a press release that it had only become aware of the attack in December of 2020, which means that the attack could have happened well before then. In previous data breaches involving ransomware attacks, victims of data theft have had their information posted online with little information about who gained access to it. Victims of these types of data breaches may be forced to spend money out of pocket for credit monitoring or fraudulent charges to bank and hospital accounts. Some individuals affected by the breach may have noticed suspicious credit card charges, requests for services or loans in a patient’s name, medical procedures ordered without patient consent, and/or disrupted medical care.

Are you or have you been a PracticeFirst patient or employee who has received a data breach notification letter in the past year?

If so, we would like to hear from you. Please complete the contact form on this page, send us an email at [email protected], or give us a call at (202) 470-3520.

The lawyers at Migliaccio & Rathod LLP have years of experience in class action litigation against large corporations, including in cases involving data breaches. More information about our current cases and investigations is available on our blog.