Three weeks ago, 21st Century Oncology announced that medical records of at least 2.2 million current and former patients had been illegally obtained due to a security breach. As a result, last week, three separate class-action lawsuits were filed against 21st Century Oncology. The lawsuits assert the company failed to take adequate security measures in protecting electronic medical records, resulting in a cyber breach exposing them to “substantial financial and other injury and damage.” Plaintiffs are seeking more than US$15 million from 21st Century, accusing the company of multiple violations including negligence, unjust enrichment and breach of implied covenant of good faith and fair dealing. The lawsuit claims the FBI informed 21st Century of the security breach in December 2015, one month after investigators believe the intrusion occurred, but the company did not notify the Security and Exchange Commission until March 4 2016, and current and former patients did not receive letters notifying them the breach until mid-March.