IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.
Cybersecurity

Missouri Health Care System Sued Over Data Breach

The lawsuit against BJC HealthCare alleges that the breach allowed hackers access to personal data such as patients’ names, dates of birth and treatment information and caused emotional and financial distress.

August 13, 2020 • 
Annika Merrilees,  St. Louis Post-Dispatch
Closeup of a piece of paper that says "Lawsuit" at the top with blank lines below that labeled "Plaintiff" and "Defendant." The tip of a pen lying on top of the paper is in the bottom righthand corner of the image.
Shutterstock
(TNS) — A data breach at BJC HealthCare compromised patients’ information and caused them financial and emotional harm, a suit filed this week in St. Louis Circuit Court alleges.

The complaint filed Monday argues that BJC did not make sufficient efforts to protect patients’ data. It seeks to establish a class-action case on behalf of patients whose information may have been accessed.

BJC did not respond to questions Wednesday about the complaint, and referred the Post-Dispatch to a May 5 news release about the event.

The complaint alleges that the breach allowed hackers access to information such as patients’ names, dates of birth and treatment information. It argues that the incident “is taking a significant emotional and physical toll” on those affected.

The complaint says the number of patients whose information was accessed is unknown, but estimated to be more than 287,000 people.

The case claims patients have “incurred significant out-of-pocket costs associated with the prevention, detection, recovery and remediation from identity theft or fraud.”

It characterizes BJC’s approach to maintaining patient privacy as negligent, and seeks damages, including court costs and attorneys’ fees.

BJC said in its news release that on March 6 it identified suspicious activity within three employees’ email accounts. It said it secured the accounts, and hired a computer forensic firm to investigate.

The investigation found that “an unauthorized person” accessed the email accounts on March 6, but could not determine whether that person viewed any of the emails or attachments, according to the release. BJC said it reviewed all of the emails and attachments in the accounts that were accessed, and found some that contained patient information.

BJC said it mailed letters to patients whose information was found in the email accounts, established a toll-free number to answer patient questions, and offered complimentary credit monitoring and identity protection services to some.

The suit was initiated by Brian Lee Bauer, a St. Louis County resident and BJC patient. An attorney representing Bauer, Jack Garvey, said Bauer declined to comment on the case.

©2020 the St. Louis Post-Dispatch, Distributed by Tribune Content Agency, LLC.
gov-footer-logo-2024.png
gt-footer-logo.png
ii-footer-logo.png
nav-footer-logo.png
cdg-footer-logo.png
cde-footer-logo.png
em-footer-logo.png