IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

Missouri Health Care System Sued Over Data Breach

The lawsuit against BJC HealthCare alleges that the breach allowed hackers access to personal data such as patients’ names, dates of birth and treatment information and caused emotional and financial distress.

Lawsuit
Shutterstock
(TNS) — A data breach at BJC HealthCare compromised patients’ information and caused them financial and emotional harm, a suit filed this week in St. Louis Circuit Court alleges.

The complaint filed Monday argues that BJC did not make sufficient efforts to protect patients’ data. It seeks to establish a class-action case on behalf of patients whose information may have been accessed.

BJC did not respond to questions Wednesday about the complaint, and referred the Post-Dispatch to a May 5 news release about the event.

The complaint alleges that the breach allowed hackers access to information such as patients’ names, dates of birth and treatment information. It argues that the incident “is taking a significant emotional and physical toll” on those affected.

The complaint says the number of patients whose information was accessed is unknown, but estimated to be more than 287,000 people.

The case claims patients have “incurred significant out-of-pocket costs associated with the prevention, detection, recovery and remediation from identity theft or fraud.”

It characterizes BJC’s approach to maintaining patient privacy as negligent, and seeks damages, including court costs and attorneys’ fees.

BJC said in its news release that on March 6 it identified suspicious activity within three employees’ email accounts. It said it secured the accounts, and hired a computer forensic firm to investigate.

The investigation found that “an unauthorized person” accessed the email accounts on March 6, but could not determine whether that person viewed any of the emails or attachments, according to the release. BJC said it reviewed all of the emails and attachments in the accounts that were accessed, and found some that contained patient information.

BJC said it mailed letters to patients whose information was found in the email accounts, established a toll-free number to answer patient questions, and offered complimentary credit monitoring and identity protection services to some.

The suit was initiated by Brian Lee Bauer, a St. Louis County resident and BJC patient. An attorney representing Bauer, Jack Garvey, said Bauer declined to comment on the case.

©2020 the St. Louis Post-Dispatch, Distributed by Tribune Content Agency, LLC.

Special Projects
Sponsored Articles
  • How the State of Washington teamed with Deloitte to move to a Red Hat footprint within 100 days.
  • The State of Michigan’s Department of Technology, Management, and Budget (DTMB) reduced its application delivery times to get digital services to citizens faster.

  • Sponsored
    Like many governments worldwide, the City and County of Denver, Colorado, had to act quickly to respond to the COVID-19 pandemic. To support more than 15,000 employees working from home, the government sought to adapt its new collaboration tool, Microsoft Teams. By automating provisioning and scaling tasks with Red Hat Ansible Automation Platform, an agentless, human-readable automation tool, Denver supported 514% growth in Teams use and quickly launched a virtual emergency operations center (EOC) for government leaders to respond to the pandemic.
  • Sponsored
    Microsoft Teams quickly became the business application of choice as state and local governments raced to equip remote teams and maintain business continuity during the COVID-19 lockdown. But in the rush to deploy Teams, many organizations overlook, ignore or fail to anticipate some of the administrative hurdles to successful adoption. As more organizations have matured their use of Teams, a set of lessons learned has emerged to help agencies ensure a successful Teams rollout – or correct course on existing implementations.