Onix Group, a Pennsylvania-based real estate development firm and provider of business management and consulting services, is being sued for failing to prevent a ransomware attack in which the hackers stole the protected health information of 320,000 individuals.
The ransomware attack was detected by Onix Group on March 27. The forensic investigation confirmed that hackers had access to its internal network between March 20 and March 27, 2023, during which time they exfiltrated files that contained employee, affiliate, and client information. The breached information included names, dates of birth, clinical information, and the Social Security numbers of patients of its healthcare clients, and the health plan enrollment and direct deposit information of employees. Healthcare clients affected by the breach included Addiction Recovery Systems, Cadia Healthcare, and Physicians Mobile X-Ray.
The lawsuit, Eric Meyers v. Onix Group LLC, was filed in the U.S. District Court for the Eastern District of Pennsylvania and alleges negligence, negligence per se, breach of implied contract, breach of fiduciary duty, and unjust enrichment. The lawsuit claims Onix group had a legal obligation to implement reasonable and appropriate safeguards to ensure the confidentiality of the data it stored, but instead stored that information in a vulnerable and dangerous condition, then unnecessarily delayed notifications to affected individuals for two months. While Onix Group offered affected...
stage at the Ninth Circuit, where pharmaceutical companies say a momentous new ruling "illustrates perfectly" the constitutional concerns of U. S. Supreme Court justices regarding FCA enforcement. ...