The breach is bad enough, but Washington state-based Yakima Valley Radiology is now facing a HIPAA investigation and potential class action lawsuits.
On March 1, Yakima filed a breach report with HHS and the state of Maine, noting that the breach had impacted 235,249 individuals. By March 5, at least two class action law firms had announced they were investigating, and reports about it appeared on joinclassactions.com and classaction.org. See also Federman and Sherwood or Turke & Strauss, LLP.
The class action websites don’t mince words. From classaction.org:
“If you received a notice that your information was compromised, you may be able to start a class action to collect money for the harm you’ve suffered.”
Yakima Valley Radiology, PC is a radiologist physician group and radiology billing company based in Yakima, Washington. Yakima employs more than 25 people and generates approximately $5 million in annual revenue.
Yakima’s breach notice explains that the company discovered unauthorized access to its network on August 18, 2023. According to the breach report to the Maine Attorney General, the intrusion occurred a week earlier, on August 11.
After discovering the incident, Yakima began investigating with outside cybersecurity professionals to analyze the extent to which data were compromised. The investigation, which concluded on January 31, 2024, revealed that patients’ names and social security numbers were among the data breached.
HIPAA Security Rule is the Gold Standard
A central question in the lawsuits and the HHS investigation will be whether Yakima followed the HIPAA Security Rule. HIPAA requires covered entities to have administrative, physical, and technical safeguards to protect patient privacy. Yakima must show whether it conducted an annual Risk Analysis and followed a Risk Management Plan.
Improve HIPAA compliance today to protect patient privacy and your business reputation, and prevent costly lawsuits.