IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

Ga. Hospital Faces Class-Action Suit After Ransomware Attack

Late last month, a class-action action lawsuit was filed against St. Joseph's/Candler Hospital Health System, which suffered a ransomware attack that could have exposed the data of more than a million people.

ransomware_shutterstock_668772514
Shutterstock/JMiks
(TNS) — Daniel Elliott, a Georgia resident and patient of St. Joseph's/Candler Hospital Health System, has filed a class-action lawsuit on behalf of himself and the 1.4 million patients, professionals, and clients whose personal, financial and health information may have been compromised in the ransomware attack against the hospital's IT systems.

Filed on Aug. 28, by the Savannah-based personal injury firm of Harris Lowry Manton LLP, the lawsuit alleges that SJ/C, the region's largest health care system, violated its privacy policy and acted negligently when it failed to adequately secure patients' information and take preventive measures to avoid the ransomware attack and data breach, which was detected on June 17. Subsequent investigations revealed that the unauthorized party gained access to the hospital system's IT network between Dec. 18, 2020, and June 17, 2021.

According to the lawsuit, patients suffered an increased risk of identity theft and medical identity theft, and "have been forced to expend, and must expend in the future, to monitor their financial accounts, health insurance accounts, and credit files as a result of the data breach." No specific instances of identity theft were cited in the lawsuit.

Plaintiffs further allege the hospital neglected to "design, adopt, implement, control, direct, oversee, manage, monitor and audit appropriate data security process, controls, policies, procedures, protocols and software and hardware systems" to protect patients' information. That information could include, according to a letter sent by CEO Paul Hinchey on Aug. 10, a patient's name, address, birth date, social security and driver's license numbers, billing accounts, health insurance plans, and medical records, among other personal and financial details. In the letter, Hinchey said the hospital had returned to "fully operational" status.

Emails and phone calls to the law firm that filed the suit were not returned. St. Joseph's/Candler's spokesperson, Scott Larsen, said that the hospital does not comment on pending litigation.

Soumitra Bhuyan, assistant professor at the Edward J. Bloustein School of Planning and Public Policy at Rutgers University, previously told the Savannah Morning News, on average it takes about 96 days to identify the data breach. In some cases, it can take longer.

"There are hospitals that did not identify that a breach happened for a year," she said.

The health care system is offering patients a one-year membership to Experian's IdentityWorks, which helps detect possible misuse of personal info.

The plaintiffs in the class-action lawsuit are seeking a jury trial, unspecified amount of monetary relief for punitive damages, restitution and disgorgement, and payment of attorney fees.

©2021 Savannah Morning News, Distributed by Tribune Content Agency, LLC.
Special Projects
Sponsored Articles
  • Sponsored
    How the convergence of security and networking is accelerating government agencies journey to the cloud.
  • Sponsored
    How the State of Washington teamed with Deloitte to move to a Red Hat footprint within 100 days.
  • Sponsored
    The State of Michigan’s Department of Technology, Management, and Budget (DTMB) reduced its application delivery times to get digital services to citizens faster.

  • Sponsored
    Like many governments worldwide, the City and County of Denver, Colorado, had to act quickly to respond to the COVID-19 pandemic. To support more than 15,000 employees working from home, the government sought to adapt its new collaboration tool, Microsoft Teams. By automating provisioning and scaling tasks with Red Hat Ansible Automation Platform, an agentless, human-readable automation tool, Denver supported 514% growth in Teams use and quickly launched a virtual emergency operations center (EOC) for government leaders to respond to the pandemic.