Scott Cole, a veteran class action attorney and founder of Oakland-based Cole & Van Note, has filed a class action lawsuit against NorthBay Healthcare Group following a massive data breach that exposed the sensitive personal information of over 569,000 patients.
What happened
On January 30, 2025, NorthBay Healthcare Group announced a major data breach that compromised patients’ names, Social Security numbers, medical records, biometric data, financial account numbers, and login credentials. However, according to the lawsuit, NorthBay Healthcare Group had been aware of the breach for nearly a year before disclosing it. Two class action lawsuits—Johnson, et al. v. NorthBay Healthcare Group and Shaw, et al. v. NorthBay Healthcare Group—were filed in California state and federal courts, respectively.
See also: HIPAA Compliant Email: The Definitive Guide
Going deeper
The lawsuit filed against NorthBay Healthcare Group alleged that the company failed to implement adequate security measures to detect and prevent cyber-attacks. The lawsuit claimed that 569,012 individuals had their financial, medical, and health insurance details compromised in a ransomware attack last year. The breach involved the Embargo ransomware group, which attacked NorthBay's systems between January 11 and April 1, 2024. The plaintiffs seek financial compensation and demand that NorthBay improve its security protocols to prevent future breaches. The lawsuit also seeks to confirm the extent of the breach and the company's response to the incident.
See also: Legal liabilities associated with a data breach
What was said
According to Businesswire, Scott Cole, the principal attorney on the case, emphasized the severity of the breach: “The combination of biometric, financial, and medical data that were accessed in this data hack makes this situation unique.” He continued to say that “Despite [the] hundreds of data breaches every year in this country, most do not involve such highly sensitive patient information as was obtained here.”
Read also: Report: Over 1.7 billion individuals affected by data breaches in 2024
FAQs
Why are healthcare providers frequently targeted by cybercriminals?
Healthcare providers store vast amounts of sensitive patient data, making them lucrative targets for cybercriminals. Medical and financial records are highly valuable on the dark web, leading to an increase in cyberattacks against the healthcare sector.
Go deeper: Why healthcare is a major target for cyberattacks
What should affected individuals do to protect themselves?
Affected individuals should monitor their financial accounts, update passwords, enable multi-factor authentication where possible, and take advantage of credit monitoring services offered by NorthBay. If suspicious activity is detected, it should be reported immediately to relevant financial institutions and law enforcement agencies.
Tshedimoso Makhene
