Mednax is a Florida-based health care services provider with more than 4,300 in-network physicians in 39 states. In June 2020, the company discovered that a phishing attack had compromised certain of its business email accounts, according to its data breach notification letter.

A subsequent investigation revealed that the incident had exposed patients' personal information, including their names, birthdates, Social Security numbers, driver's license numbers, bank account details and medical information, the notification letter said.

After publicly acknowledging the data breach in December 2020, Mednax was hit with five class actions: two in the Southern District of Florida and one each in the District of South Carolina, the Southern District of California and the Western District of Missouri.

One of the suits estimated that the breach affected nearly 1.3 million patients.

In February, Mednax asked the JPML to centralize the litigation in the Southern District of Florida. Three of the five plaintiffs supported the motion while two opposed on the basis that there are too few actions to justify centralization.

The panel, headed by U.S. District Judge Karen K. Caldwell of the Eastern District of Kentucky, rejected the opposing plaintiffs' argument.

"Given the number of parties, counsel, and courts involved in this litigation, alternatives to centralization do not appear practicable," the panel wrote. "Centralization is warranted in these circumstances."

The panel also stressed that each of the suits are proposed class actions, share facts involving the data breach, and assert similar claims for negligence, breach of contract and violations of state privacy laws.

The panel assigned the consolidated litigation to U.S. District Court Judge Rodolfo A. Ruiz II of the Southern District of Florida.

John A. Yanchunis of Morgan & Morgan Complex Litigation Group and several attorneys from other firms represent the plaintiffs. Mednax is represented by attorneys from Lash & Goldberg LLP and Alston & Bird.