A proposed class-action lawsuit has been filed against Hackensack Meridian Health after a ransomware attack compromised patient data.
The hospital network had been struck by a ransomware attack on December 2, crippling its computer systems, and disrupting services at 17 urgent care centers, nursing homes and hospitals operated by the network.
The lawsuit, filed in Newark district court, alleges that the ransomware attack resulted from the “reckless manner” in which the hospital network maintained patients’ private information.
The two plaintiffs allege that as a result of the attack, proposed class members’ information was stolen and sold, and that they suffered “ascertainable losses” ranging from a disruption in medical services to out-of-pocket expenses.
The information allegedly compromised included names, demographic details, dates of birth, driver’s license numbers, employment data, medical information and Social Security numbers.
According to the lawsuit, patient information had been maintained in systems that were vulnerable to cyber-attacks, so the possibility of a ransomware attack was a “known risk” to Hackensack.
“Had HMH properly monitored its property, it would have discovered the intrusion sooner,” read the lawsuit.
Despite an investigation, conducted by Hackensack, finding no evidence of patient data being stolen, the plaintiffs allege that threat actors stole personal information and disclosed it to other unknown parties, thus putting them at risk of fraud and identity theft.
The plaintiffs also allege that Hackensack failed to notify patients of the attack, and did not report the attack to the OCR, as required by the Health Insurance Portability and Accountability Act (HIPAA).
The post #Privacy: Hackensack Meridian network faces breach lawsuit following ransomware attack appeared first on PrivSec Report.