DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Georgia Supreme Court resuscitates patient lawsuit against Athens Orthopedic Clinic

Posted on December 25, 2019 by Dissent

The Georgia Supreme Court has breathed new life into a lawsuit by patients of Athens Orthopedic Clinic (AOC) whose data were stolen by thedarkoverlord in 2016. In  a decision issued this week, the judges unanimously reversed the Court of Appeals’ dismissal of the lawsuit, vacated other parts of their ruling, and remanded the case.

At issue before the court was how Georgia law would apply the cognizable injury required for standing in a negligence suit under state law.  The lower court had granted the clinic’s motion to dismiss based on the majority agreeing that any harm alleged by the plaintiffs was future harm and speculative.  The state supreme court agreed with the plaintiffs, however, finding hat they had alleged enough harm to survive a motion to dismiss.

The Athens Orthopedic Clinic case was one of thedarkoverlord’s earliest known hacks and extortion attempts in June, 2016.  This site’s coverage of the case and its aftermath can be found linked from here.  When the clinic wouldn’t pay the extortion demand, the hackers  allegedly falsely claimed to have sold some of the data that they had listed on a dark web marketplace.  But eventually, the hackers also began publicly releasing actual segments of the patient database on Pastebin. The pastes were downloaded by unnamed others, increasing the risk that patient data was falling into criminals’ hands or was being acquired by those who could and would misuse it. At least one named plaintiff, Christine Collins, alleged that she suffered actual fraudulent activity on her credit card shortly following the attack.

To add to the patients’ concerns, AOC announced that it did not have any insurance that would cover it for offering affected patients credit monitoring and/or identity theft restoration services.

While the litigation continues to work its way through the courts, one member of thedarkoverlord is preparing to stand trial for his role in the attack on the clinic and four other attacks.  Although not identified by name, AOC appears to be Victim 5 in Nathan Wyatt’s indictment.  It also appears that AOC was the victim  who received the “rap-style” phone threats, allegedly made by Wyatt.

AOC reported the incident to HHS in the summer of 2016, but there is still no closing summary on any investigation by OCR, which may mean that they still have an open investigation or case.  DataBreaches.net notes that OCR already closed its investigation into other TDO hacks during that same time period, including two of the Missouri victims involved in the Wyatt case: Prosthetic & Orthotics Care and Midwest Orthopedic Pain and Spine. The fact that the AOC case is not closed could mean that the Atlanta region of OCR is just more backlogged than Missouri, or it may be a sign that AOC is not out of the woods with OCR yet.  One of the questions OCR may have for AOC may relate to claims by the hackers that even after AOC knew that they had been hacked, they still didn’t change their login credentials to all their systems, even after weeks and two emails from the hackers letting them know that they still had access.  Not only might OCR have some questions as to whether that happened, but if it did happen, it might support the plaintiffs’ negligence claims.

 

 

 

Category: Breach IncidentsCommentaries and AnalysesHackOf Note

Post navigation

← NM: Portales hospital reports security breach after discovering malware on radiology server
TX: San Antonio mental health and substance abuse services provider hit by ransomware attack →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Nigerian National Sentenced To More Than Five Years For Hacking, Fraud, And Identity Theft Scheme
  • Data breach of patient info ends in firing of Miami hospital employee
  • Texas DOT investigates breach of crash report records, sends notification letters
  • PowerSchool hacker pleads guilty, released on personal recognizance bond
  • Rewards for Justice offers $10M reward for info on RedLine developer or RedLine’s use by foreign governments
  • New evidence links long-running hacking group to Indian government
  • Zaporizhzhia Cyber ​​Police Exposes Hacker Who Caused Millions in Losses to Victims by Mining Cryptocurrency
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Google: Hackers target Salesforce accounts in data extortion attacks
  • The US Grid Attack Looming on the Horizon

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • California county accused of using drones to spy on residents
  • How the FBI Sought a Warrant to Search Instagram of Columbia Student Protesters
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Malaysia enacts data sharing rules for public sector
  • U.S. Enacts Take It Down Act
  • 23andMe Bankruptcy Judge Ponders Trump Bill’s Injunction Impact
  • Hell No: The ODNI Wants to Make it Easier for the Government to Buy Your Data Without Warrant

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.