Migliaccio & Rathod LLP is currently investigating the Birmingham, Alabama-based Norwood Clinic for failing to safeguard sensitive patient information in a data breach that occurred in October of 2021. The incident occurred when the health clinic discovered suspicious activity on its servers, likely as the result of a ransomware attack. An investigation into the incident found that an unauthorized actor had gained access to the clinic’s central record system, which contained patients’ names, contact information, dates of birth, Social Security numbers, Driver’s License numbers, limited health information, and/or health insurance policy numbers. The investigation was unable to determine which subset of the clinic’s patient information could have been accessed, leading Norwood Clinic to send notifications about the data breach to all 228,103 of its patients with little to no information about what kind of information may have been lost for each individual.
Norwood Clinic claims to have secured its servers and cut off the cybercriminals’ access to the hospital systems, with notification letters being sent to affected individuals in February of 2022. Hackers, however, may have already been able to acquire and sell patient information such as social security numbers, health insurance information, personal identifiers, and other important health information. In previous data breaches, victims of data theft have noticed identity theft attempts ranging from fraudulent charges on bank accounts or credit cards, government services ordered in their name, or their information being posted on the dark web.
Are you or have you been a Norwood Clinic patient who has received a data breach notification letter in the past year?
If so, we would like to hear from you. Please complete the contact form on this page, send us an email at [email protected], or give us a call at (202) 470-3520.
The lawyers at Migliaccio & Rathod LLP have years of experience in class action litigation against large corporations, including in cases involving data breaches. More information about our current cases and investigations is available on our blog.