Oregon Anesthesiology Group – Class Action Investigation

Ahdoot & Wolfson is investigating a potential class action lawsuit against Oregon Anesthesiology Group (OAG) following reports that a ransomware attack on its systems in July 2021 resulted in disclosure of sensitive medical and personally identifying information of patients and current and former employees.

According to reports, the breach involves the information of 750,000 patients and 522 current and former OAG employees. Patient information potentially involved in this incident includes names, addresses, date(s) of service, diagnosis and procedure codes with descriptions, medical record numbers, insurance provider names, and insurance ID numbers. OAG also indicated that the cyberattack may have compromised current and former OAG employee data, including names, addresses, Social Security numbers and other details from W-2 forms on file.

In a statement, the company said it was contacted by the FBI on October 21, and that the FBI seized an account that contained OAG patient and employee files from “HelloKitty,” a Ukrainian ransomware group. The FBI said it believes the group exploited a vulnerability in OAG’s third-party firewall, enabling the hackers to gain entry to the network. 

Victims of the incident are only being provided with 12 months of Experian identity protection services and credit monitoring. 

OAG’s failure to protect sensitive medical and other information can expose its patients and employees to fraud and identity theft. These failures may violate consumer protection and privacy statutes.

If you or your family member received a notice letter indicating that you were impacted by the OAG data breach, you may be entitled to compensation. Please fill out the form below and one of Ahdoot Wolfson’s lawyers will promptly contact you.