Written by: Sam Orlando

Roanoke, Virginia – A class action lawsuit was filed today in the Western District of Virginia against Physicians to Women, Inc. (PTOW), a healthcare provider specializing in obstetric and gynecologic care, over allegations of failing to protect patient data during a cyberattack on April 4, 2023. The lawsuit, brought by plaintiff Latoya Johnson on behalf of herself and potentially thousands of others affected, claims PTOW's negligence led to the unauthorized disclosure of sensitive patient information, including names, Social Security numbers, dates of birth, and medical histories.

According to court documents, PTOW acknowledged the data breach in January 2024, admitting that an unauthorized party had gained access to their systems and acquired files containing private information of its patients. The breach is said to have exposed patients to a heightened risk of identity theft and fraud, as sensitive data could now be in the hands of cybercriminals.

Plaintiff Johnson, a patient of PTOW, asserts that the breach has caused significant harm to those affected, including loss of privacy, potential financial instability, and emotional distress. Johnson and the class seek monetary damages and injunctive relief, demanding that PTOW implement stronger data security measures to prevent future breaches.

The lawsuit emphasizes that healthcare providers, due to the sensitive nature of the data they handle, should adhere to strict data protection standards. It accuses PTOW of failing to employ reasonable security practices, ignoring industry guidelines and regulatory requirements, including those set forth by the Federal Trade Commission and the Health Insurance Portability and Accountability Act (HIPAA).

PTOW, serving the Roanoke Valley and surrounding areas since 1940, has yet to respond to the allegations. The case, highlighting the growing concern over data security in the healthcare sector, underscores the need for robust cybersecurity measures to protect patient information from increasingly sophisticated cyber threats.

The legal action seeks to hold PTOW accountable for the breach and to prompt an overhaul of the company's data security protocols, ensuring the privacy and security of patient information moving forward.

As the case progresses, it will likely shed light on the challenges healthcare providers face in safeguarding digital records and the legal implications of failing to do so. The outcome could influence data security practices across the healthcare industry, as providers strive to protect patient data amidst evolving cyber risks.