CodeMetro Data Breach Lawsuit Investigation


On June 19, 2020, CodeMetro, a software provider for numerous children behavior analysis providers, announced that it suffered a serious data breach whereby third-party hackers gained access to troves of sensitive patient information stored on its servers and demanded a ransom in exchange for not releasing the information.

According to its notice, CodeMetro's breach occurred on April 21, 2020, and the stolen patient information included the following highly sensitive information:

  1. Patient names, pictures, parent/legal guardian names, guarantor names, addresses, email addresses, phone numbers, dates of birth, gender, and ethnicity;
  2. School information (such as school name, Individualized Education Program (IEP) start and review dates, assessment and psychological evaluation dates, and eligibility type (type of behavioral or developmental condition or impairment);
  3. Health insurance information including payer names, payer contract dates, policy information including type and deductible amount, and policy ID numbers; and
  4. Medical information including dates of enrollment with an ABA provider’s services, authorized services, allotted time/number of sessions, diagnostic codes and modifiers, charge/reimbursement rates, outcomes, and provider names.

According to CodeMetro, patients of the following facilities were impacted by the breach:

  • Academy for the Advancement of Children with Autism (AACA)
  • ABA Healthcare
  • ABA Works
  • Applied Behavior Analysis Consultation and Services (ABACS LLC)
  • Applied Behavior & Learning Enterprises (ABLE)
  • Autism Experts Empowering Families and Children Together (AEFCT)
  • Applied Behavioral Learning Experiences, Inc.
  • Applied Interventions & Methodologies Inc.
  • Aultruism Inc. Autism & Behavioral Intervention
  • Autism Behavior Intervention
  • Autism Spectrum Intervention, Inc
  • Behavior and Education Inc.
  • Behavior Basics, LLC
  • Behavior Functions Inc.
  • Behavioral Autism Therapies LLC
  • Behavioral Concepts LLC
  • Behavioral Learning Center, Inc.
  • Behavior Respite in Action
  • Capitol Autism Services (CAS)
  • Confidence Connection (CCS)
  • Center For Autism Spectrum Treatment
  • Center for Behavioral Sciences
  • Center For Leadership in Disability
  • Center for Thoughtful Lasting Change Inc.
  • Coast Music Therapy
  • Connec-to-Talk
  • Creative Solutions for Autism
  • Crescent Academy, Inc
  • DG Therapy Group, Inc.
  • Dr. Alicia A. Elliott Speech Pathology, Inc.
  • ECF Kayne Eras Center NPA
  • Family Path Autism Services, LLC
  • Firefly Autism AVCA
  • Florida Autism Center Inc.
  • Focus on All Child Therapies Hawaii Behavioral Health
  • HOPE, Inc
  • Institute for Behavioral Health
  • JumpStart Autism Center
  • Leaps n Boundz
  • Milestones Educational Therapy Inc (METI)
  • Monarch Behavior Solutions, Inc.
  • MOSAIC Rehabilitation, Inc.
  • Optima Family Services
  • Our Kids Developmental Services, Inc.
  • Pacific Coast Speech Services
  • Passport to Adaptive Living
  • Patterns Behavioral Services LLC
  • PlayDate Inc.
  • Project Hope Foundation
  • Quantum Behavioral Solutions Inc.
  • Southwest Autism Research & Resource Center (SARRC)
  • Seaside Therapy
  • Spectrum Behavioral Associates, Inc.
  • Sunderlin Behavioral Interventions
  • T.O.T.A.L. Programs
  • The Family Guidance and Therapy Center of SoCal
  • Trumpet Behavioral Health
  • Tucci Learning Solutions
  • Vista Center for Behavior Analysis
  • Working With Autism

Affected individuals are now at serious risk. If you received a breach notification letter from CodeMetro or one of the providers listed above, please call us at 816.714.7105 or fill out a contact us form here.

Stueve Siegel Hanson attorneys have prosecuted cases involving the largest data breaches in U.S. history, securing billions of dollars for affected consumers. The firm was named the “Cybersecurity & Privacy Group of the Year” by Law360, which recognizes practice groups that “worked on the biggest deals or achieved the biggest wins in the most important cases.” For more information about our data breach practice, click here.

Practice Areas

Jump to Page