Common use of PROCEDURAL BACKGROUND Clause in Contracts

PROCEDURAL BACKGROUND. The case arises from the alleged compromise of personal identifying information (“PII”) and protected health information (“PHI”) (collectively “Private Information”) as a result of a ransomware attack Defendant experienced on or around May 2021 (the “Data Incident”). Plaintiffs and Class Members (as defined below) include individuals whose Private Information may have been accessed during the Data Incident. In response to the Data Incident, Defendant sent a Notice Letter (“Notice Letter”) to each potentially impacted individual providing a description of the type of Private Information involved. The potentially accessed information may have included: full names, driver’s license or state ID number, passport number, date of birth, medical diagnosis/treatment information, financial account information and/or Social Security Number. In response, class actions were filed in two jurisdictions: ▇▇▇▇▇▇▇ ▇. ▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇, No. 23-cv-01442 (E.D. Pa.) (Filed Apr. 14, 2023) and ▇▇▇▇▇▇▇ ▇. ▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇, Case ID 230401942 (Phila. C.P.) (Filed Apr. 19, 2023). In their CAC, filed July 28, 2023, Plaintiffs, collectively, alleged individually and on behalf of a nationwide Class that, as a direct result of the Data Incident, Plaintiffs and Class Members suffered numerous injuries and would likely suffer additional harm into the future. Plaintiffs alleged that Class Members suffered the following categories of ▇▇▇▇▇: (a) loss of privacy; (b) financial costs associated with the prevention, detection, and recovery from actual or potential future identity theft; (c) loss of time and loss of productivity incurred mitigating actual and potential future identity theft(d) anxiety, emotional distress, and other economic and non-economic losses; (e) diminution of value of their PII and PHI; and (f) statutory damages. Plaintiffs, individually and on behalf of other members of the proposed nationwide class, collectively asserted claims for (i) negligence and negligence per se; (ii) Pennsylvania Unfair Trade Practices and Consumer Protection Law, 73 P.S. §§ 201-1, et seq.; (iii) breach of fiduciary duty/confidences; and (iv) declaratory relief.

PROCEDURAL BACKGROUND. The This case arises from the alleged compromise of personal personally identifying information (“PII”) and and/or protected health information (“PHI”) (collectively collectively, “Private Information”) as following a result of a ransomware attack data security incident Defendant experienced on or around May 2021 March 2023 (the “Data Incident”). Plaintiffs Plaintiff and Class Members (as defined below) include individuals current and former patients of Defendant whose Private Information may have been accessed during was potentially impacted in the Data Incident. In response to Following the Data Incident, Defendant sent a Notice Letter (“Notice Letter”) notice to each the individuals whose Private Information was potentially impacted individual providing a description of in the type of Private Information involved. The potentially accessed information may have included: full names, driver’s license or state ID number, passport number, date of birth, medical diagnosis/treatment information, financial account information and/or Social Security NumberData Incident. In response, class actions were filed in two jurisdictions: on July 13, 2023, Plaintiff ▇▇▇▇▇▇▇ filed a putative class action, captioned ▇▇▇▇▇▇▇, individually and as next friend on behalf of M.C. (minor) v. TOC Enterprises, Inc., No. 3:23-cv-00598 (M.D. Tenn.). On July 24, 2023, Plaintiff ▇▇▇▇▇▇▇ filed an amended complaint, adding Plaintiff ▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇, No. 23-cv-01442 (E.D. Pa.) (Filed Apr. 14On October 25, 2023) and , Plaintiffs amended their complaint, removing Plaintiff ▇▇▇▇▇▇▇ ▇individually, and on behalf of her minor child (M.C.) as Plaintiffs, captioned Bandy v. TOC Enterprises, Inc., d/b/a Tennessee Orthopaedic Clinics, a division of Tennessee Orthopaedic Alliance, P.A., No. ▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇, Case ID 230401942 3:23-cv-00598 (Phila. C.P.) (Filed Apr. 19, 2023M.D. Tenn.). In their CACher Second Amended Complaint, filed July 28, 2023, Plaintiffs, collectively, Plaintiff alleged individually and on behalf of a putative nationwide Class class that, as a direct result of the Data Incident, Plaintiffs Plaintiff and Class Members have suffered or will suffer numerous injuries and would likely suffer additional harm into the future. Plaintiffs alleged that Class Members suffered the following categories injuries, including (1) diminution in value of ▇▇▇▇▇: (a) loss of privacytheir Personal Information; (b2) financial costs associated with incurred mitigating the prevention, detection, and recovery from actual or potential future imminent risk of identity theft; (c3) loss of time and loss of productivity incurred mitigating actual and potential future the imminent risk of identity theft(d) anxiety, emotional distress, and other economic and non-economic lossestheft; (e4) diminution delay in receipt of value of their PII and PHItax refund monies; and (f5) statutory damagesthe cost of future identity theft monitoring for the Class. PlaintiffsPlaintiff, individually and on behalf of other members of the proposed nationwide class, collectively asserted claims for (i) negligence and negligence; (2) negligence per se; (ii) Pennsylvania Unfair Trade Practices and Consumer Protection Law, 73 P.S. §§ 201-1, et seq.; (iii) breach of fiduciary duty/confidences; and (iv) declaratory relief.;