Plaintiff Sues Health Care Group for Compromising Health Information in Data Breach


A complaint was filed on Thursday in the District of Massachusetts by Plaintiff William Biscan (both individually and on behalf of all others similarly situated) against defendant Shields Health Care Group Inc. The class action complaint alleges that the defendant acted negligently in handling the plaintiff’s private health information, which led to a data breach and subsequent compromising of the information.

The defendant experienced a cyber-attack on their medical facilities in March of 2022. The attack resulted in the highly sensitive personal information and medical records of nearly 2 million people being exposed.

The complaint explains that the plaintiff and class members’ private and personal information was compromised, unlawfully accessed, and stolen due to the data breach. Some of the confidential information compromised included social security numbers, insurance information, medical record numbers, and other information that falls under HIPAA’s definition of protected health information.

Biscan alleges that the defendant failed to adequately safeguard the private information and failed to notify him of the data breach in a timely manner despite having a duty to the plaintiff to “implement and maintain reasonable and adequate security measures to secure, protect, and safeguard their private information against unauthorized access and disclosure.”

Since the defendants purportedly maintained the plaintiff’s private information in a negligent and reckless manner, Biscan contends that the data breach was a known and foreseeable risk to the defendant. Although the defendant allegedly knew of the risk, Biscan claims that the defendant failed to the necessary steps to protect the private information, leaving it in a “dangerous and vulnerable condition.”

The complaint notes that as a result of the data breach, the class members and plaintiff are at a heightened and imminent risk of fraud and identity theft. Biscan concludes that himself and the class “will continue to incur out-of-pocket costs for purchasing credit monitoring services, credit freezes, credit reports, and other protective measures to deter and detect identity theft.”

The complaint cites negligence, breach of express contract, breach of implied contract, invasion of privacy by intrusion, breach of fiduciary duty, breach of confidence, violation of Massachusetts General Laws, unjust enrichment. Biscan is seeking class certification, an injunction preventing further wrongful conduct and requiring the defendant to use appropriate security measures, monetary relief, actual and punitive damages, litigation fees, pre- and post-judgment interest, and any other relief deemed proper by the Court.

The plaintiff is represented by Sweeney Merrigan Law LLP, Keller Postman LLC, and Finkelstein, Blankinship, Frei-Pearson & Garber LLP.