LAS VEGAS, Nev. (FOX5) – Plaintiffs who filed a lawsuit against a Las Vegas plastic surgery practice after a cyberattack led to leaks of personal information have called the defendants’ motion to dismiss the case a “fundamental misunderstanding” of the class action mechanism.

Hankins & Sohn Plastic Surgery Associates was named as the defendant in a federal class action lawsuit filed this spring by multiple plaintiffs who cited “harm resulting from a data and privacy breach” after the medical practice was reportedly “exfiltrated by a threat actor” during a data breach of the healthcare provider’s computer network on or around February 23.

The complaint stated that the data involved in the breach included but was not limited to “patient names, contact information, dates of birth, Social Security Numbers, driver’s license information, medical history, consultation notes, and photos.” One plaintiff said in the complaint that she was contacted by one of the hackers on March 28 through a texting app, and she said that the threat actor threatened to distribute her information “unless she paid a ransom to the threat actor directly.”

She refused, and according to court documents, the threat actor then shared her consultation photos with her friends, colleagues, and neighbors. The plaintiff added that she has been subjected to extortion and mental anguish following the release of her sensitive information. Additionally, she noted that she will be at heightened risk of fraud and identity theft “for years to come.”

On November 14, Hankins & Sohn filed a motion in federal court, alleging that plaintiffs failed to state a claim upon which relief could be granted, and asked the court to dismiss the lawsuit. The plaintiffs filed a response to that motion on November 28, calling the defense motion premature and procedurally incorrect.

“Despite no motion for class certification currently pending before the Court, Hankins has moved to dismiss the Complaint for failure to meet the requirements of Rule 23,” the response stated. “Such an argument is not only premature but is also raised under the incorrect procedural mechanism.” It went on to ask for the dismissal motion to be denied.

It added that some of the defendants’ legal arguments were “premised on fundamental misunderstandings of data breach law generally, making arguments that courts around the country frequently reject in data breach cases.”

On December 5, the defendants asked for an extension until December 11 to respond to this latest filing due to “the complexity of the Motion and the Opposition.”

Shares:

Leave a Reply

Your email address will not be published. Required fields are marked *