Asheville Eye Associates, an eye care provider serving patients in Western North Carolina, has agreed to settle class action litigation stemming from a November 2024 cyberattack and data breach.
A cyber threat actor accessed its network and potentially viewed or obtained patient information, including names, addresses, health insurance information, and medical treatment information. The Asheville Eye Associates data breach was reported to the HHS’ Office for Civil Rights as affecting 204,984 individuals. The DragonForce ransomware group took credit for the attack and claimed to have exfiltrated 540 GB of data before encrypting files. The data was leaked when the ransom was not paid. The affected individuals were notified about the attack in early February 2024.
Multiple lawsuits were filed in response to the data breach by plaintiffs Robert Woodsmall, Mimi Reynolds, Dena Brito, Robert Ricchetti, and Christopher Miller. The lawsuits were consolidated, In re Asheville Eye Associates Data Incident Litigation, in South Carolina’s General Court of Justice Superior Court Division. The lawsuit asserted several claims, including negligence, negligence per se, unjust enrichment, breach of implied contract, and breach of confidence. Asheville Eye Associates denies all claims and contentions in the lawsuit and maintains there was no wrongdoing…