Get Started Now! Get Your Credit Repair Do It Yourself!!

Class-action lawsuit filed against Georgia hospital after ransomware attack

Daniel Elliott, a Georgia resident and patient of St. Joseph’s/Candler Hospital Health System, has filed a class-action lawsuit on behalf of himself and the 1.4 million patients, professionals, and clients whose personal, financial and health information may have been compromised in the ransomware attack against the hospital’s IT systems.

Filed on Aug. 28, by the Savannah-based personal injury firm of Harris Lowry Manton LLP, the lawsuit alleges that SJ/C, the region’s largest health care system, violated its privacy policy and acted negligently when it failed to adequately secure patients’ information and take preventive measures to avoid the ransonware attack and data breach, which was detected on June 17. Subsequent investigations revealed that the unauthorized party gained access to the hospital system’s IT network between Dec. 18, 2020, and June 17, 2021.

Related: St. Joseph’s/Candler health system cyberattack offers lessons for us all

According to the lawsuit, patients suffered an increased risk of identity theft and medical identity theft, and “have been forced to expend, and must expend in the future, to monitor their financial accounts, health insurance accounts, and credit files as a result of the data breach.” No specific instances of identity theft were cited in the lawsuit. 

Plaintiffs further allege the hospital neglected to “design, adopt, implement, control, direct, oversee, manage, monitor and audit appropriate data security process, controls, policies, procedures, protocols and software and hardware systems” to protect patients’ information. That information could include, according to a letter sent by CEO Paul Hinchey on Aug. 10, a patient’s name, address, birth date, social security and driver’s license numbers, billing accounts, health insurance plans, and medical records, among other personal and financial details. In the letter, Hinchey said the hospital had returned to “fully operational” status. 

Background: St. Joseph’s/Candler ransomware investigation ongoing, patients offered identity protection

Emails and phone calls to the law firm that filed the suit were not returned. St. Joseph’s/Candler’s spokesperson, Scott Larsen, said that the hospital does not comment on pending litigation.

‘It’s evil’: Ransomware attack on hospital system in Savannah is part of a growing trend

Soumitra Bhuyan, assistant professor at the Edward J. Bloustein School of Planning and Public Policy at Rutgers University, previously told the Savannah Morning News, on average it takes about 96 days to identify the data breach. In some cases, it can take longer.  

“There are hospitals that did not identify that a breach happened for a year,” she said.  

The health care system is offering patients a one-year membership to Experian’s IdentityWorks, which helps detect possible misuse of personal info.  

The plaintiff’s in the class-action lawsuit are seeking a jury trial, unspecified amount of monetary relief for punitive damages, restitution and disgorgement, and payment of attorney fees. 

Savannah Morning News reporter Nancy Guan contributed to this report.

Raisa is a Watchdog and Investigative Reporter for The Savannah Morning News. Contact her at [email protected]

Source: on 2021-09-11 05:56:15

Read More At Source Site

Add a Comment

Your email address will not be published. Required fields are marked *

48 − = 40