fbpx

Memorial Hospital System Ransomware Attack and Data Breach Class Action

In recent years, health care entities have been a frequent target of cyberattacks as well as ransomware attacks. In this case, Marietta Area Health Care, Inc., doing business as Memorial Hospital System (MHS), was attacked, exposing the personally identifiable information (PII) and protected health information (PHI) of a large number of patients. This class action bring suit against MHS for what the complaint calls inadequate safeguarding of the information it collected and maintained and for failing to provide timely notice of the data breach.

The class for this action is all persons who used MHS’s services whose private information was maintained on MHS’s system that was compromised in the data breach, and who were sent a notice of the data breach.

On August 14, 2021, the complaint alleges, MHS found malware on some of its servers. After that, it undertook an investigation to find out what had happened. On September 17, the complaint claims, it found that its systems had been accessed between sometime around July 10 through August 15, 2021, allowing the intruders access for around a month.

The intrusion appears to have involved a ransomware attack. The complaint alleges, “The investigation revealed that Private Information was accessed and encrypted without authorization, including patients’ names, Social Security numbers, medical/treatment information, and health insurance information[,]” but adds, “The Private Information contained in the files accessed by hackers was not encrypted.”

The complaint asserts, “Because of the Data Breach, data thieves were able to gain access to and hold hostage [MHS’s] IT systems and[] were able to compromise, access, and acquire the protected Private Information” of patients.

According to the Data Breach Notification at the Office of the Maine Attorney General, the data breach exposed the information of more than 216,000 people.

However, it seems that MHS did not begin notifying the victims until January 19, 2022, five months after it had discovered the data breach. This untimely notification, the complaint alleges, “violated the provisions of Ohio’s Security Breach Notification Act … which required MHS to notify consumers as quickly as possible but no later than 45 days after the breach is discovered.”

The complaint also alleges that MHS did not comply with the Federal Trade Commission’s guidelines for reasonable data security practices, with industry standards, or with the Health Insurance Portability and Accountability Act (HIPAA) standards of care.

According to the complaint, MHS breached its duties or was “otherwise negligent and reckless because it failed to properly maintain and safeguard its computer systems and data.”

Article Type: Lawsuit
Topic: Privacy

Most Recent Case Event

Memorial Hospital System Ransomware Attack and Data Breach Complaint

January 27, 2022

In recent years, a frequent target of cyberattacks have been health care entities. In this case, Marietta Area Health Care, Inc., doing business as Memorial Hospital System (MHS), was attacked, exposing the personally identifiable information (PII) and protected health information (PHI) of a large number of patients. This class action bring suit against MHS for what the complaint calls inadequate safeguarding of the information it collected and maintained and for failing to provide timely notice of the data breach.

Memorial Hospital System Ransomware Attack and Data Breach Complaint

Case Event History

Memorial Hospital System Ransomware Attack and Data Breach Complaint

January 27, 2022

In recent years, a frequent target of cyberattacks have been health care entities. In this case, Marietta Area Health Care, Inc., doing business as Memorial Hospital System (MHS), was attacked, exposing the personally identifiable information (PII) and protected health information (PHI) of a large number of patients. This class action bring suit against MHS for what the complaint calls inadequate safeguarding of the information it collected and maintained and for failing to provide timely notice of the data breach.

Memorial Hospital System Ransomware Attack and Data Breach Complaint
Tags: Exposing Private Information, Exposure to cyber crime, Your Privacy