Allegheny County Courthouse
PITTSBURGH – The firms Lynch Carpenter and Shub Johns & Holbrook have emerged from others who sued a Pittsburgh medical office over a data breach, as a judge has appointed two of their lawyers interim lead counsel.
Allegheny County Court of Common Pleas judge Alan Hertzberg last month named lawyers at those firms to leadership positions in consolidated proceedings against Pittsburgh Gastroenterology Associates, which faces six class actions filed in September.
Though the firm Ahdoot & Wolfson had thrown its hat in the ring for lead counsel, Hertzberg picked Kelly Iverson of Lynch Carpenter and Benjamin Johnson of the Shub firm to act on behalf of the plaintiffs and proposed class members.
“Interim co-lead counsel shall have sole authority to communicate with Defendant’s counsel – including with respect to settlement and settlement negotiations – and the Court on behalf of any Plaintiff unless that authority is expressly delegated to other counsel,” the order says.
The cases target Pittsburgh Gastroenterology Associates, the victim of a ransomware attack that alerted patients their personally identifying information and health records were compromised in August.
The group Sinobi announced it had obtained PGA’s data on Aug. 20. PGA is alleged to have failed to take sufficient measures to protect its patients’ sensitive information.
“Hackers targeted and obtained Plaintiff’s and Class Members’ private information because of its value in exploiting and stealing the identities of Plaintiff and Class Members,” one lawsuit says.
“The present and continuing risk to victims of the data breach will remain for their respective lifetimes.”
Other firms filing suit include Saltz Mongeluzzi, Milberg Coleman and Strauss Borrelli.
Cases cite PGA’s privacy policy, which says it is legally required to maintain the confidentiality of personal health information.
“Despite recognizing its duty to do so, on information and belief, PGA has not implemented reasonabl(e) cybersecurity safeguards or policies to protect its patients’ sensitive information or supervised its IT or data security agents and employees to prevent, detect and stop breaches of its systems,” one suit says.
The ransomware attack announced by Sinobi breached 22 U.S. organizations. Sinobi encrypts stolen files then requests a ransom payment in exchange for them.
