HIPAA Times news | Concise, reliable news and insights on HIPAA compliance and regulations

Radiology provider faces lawsuit following data breach

Written by Kirsten Peremore | Jan 6, 2025 6:56:41 PM

A class action lawsuit claims Akumin failed to protect patient info before a cyberattack. 

 

What happened

In October 2023, Akumin Radiology experienced a data breach. According to their online notice, the incident occurred on October 11th, with notices sent out soon after. In this incident, Akumin learned that malware had been used to lock access to some computer files without permission. 

In response, the team launched an investigation and briefly took their systems offline until they were able to restore them. 

The information involved includes names, home addresses, email addresses, other contact information, dates of birth, Social Security numbers, driver’s license and passport numbers, medical records and ID numbers, alongside financial and medical information. 

Akumin had already been facing a challenging financial time; the company was in debt and facing a decline in revenue. Two weeks after the breach, it was reported that the company had filed for Chapter 11 bankruptcy. 

 

What’s new

On December 27th, 2024, Gina Letizio of New Hampshire filed a complaint seeking damages in excess of $5 million. 

Letizio and those in the class action suit argue that Akumin failed to properly safeguard sensitive information, leaving thousands of individuals at “imminent and ongoing risk” of fraud and identity theft. 

The case was filed in a Florida Southern District Court and stated, “The data was a direct result of [Akumin’s] failure to implement adequate and reasonable cybersecurity procedures and protocols necessary to protect individuals’ private information with which it was entrusted for either treatment or employment, or both.” The case further alleged that the “unreasonable” and “inadequate” data security practices resulted in class action members suffering “numerous and concrete injuries and damages.” 

Akumin CEO, Krishna Kumar, said in a statement, “While we cannot comment on specific litigation, Akumin has been keeping all stakeholders regularly informed of any updates from October 2023 through December 2024.”

“The exposure of one’s private information to cybercriminals is a bell that cannot be un-rung,” said the complaint. The lawsuit is also seeking a jury trial to determine the exact amount in damages, fees, and other costs.

 

The big picture

Most class action suits like these settle before ever going to court, but in this case, Letizio’s team uniquely asked for the case to go to trial. Trials can add costs, which could make data breaches even more expensive for organizations. 

The future of Akumin may now be unclear, especially as the company works through bankruptcy. For organizations already struggling financially, data breaches can be particularly difficult to recover from. 
