A Tennessee medical provider has agreed to resolve sweeping class action litigation tied to a cyberattack that exposed the sensitive health information of more than half a million patients, closing a legal chapter born from a digital break-in that rippled across the state.
Murfreesboro Medical Clinic & SurgiCenter confirmed it has reached a settlement over a data breach discovered in April 2023 that involved unauthorized access to the protected health information of roughly 559,000 individuals. The agreement has received preliminary court approval.
A Cyber Intrusion With Far-Reaching Impact
According to court filings, the clinic determined that a “well-known cyber extortion operation” infiltrated its network on or about April 22, 2023, and siphoned off patient and employee data. Affected information ran deep and wide, including names, birth dates, home addresses, phone numbers and copies of driver’s licenses, as well as full or partial Social Security numbers.
The breach also exposed dependent details, dates of service, diagnostic and medical information connected to those visits, test results, procedure notes, prescription data, medical record numbers, and insurance and enrollment information. Patients were notified of the incident in May 2023. The BianLian ransomware group later claimed responsibility, according to the filings.
Like a vault left briefly unguarded, the network intrusion unlocked years of personal records in a matter of moments.
