OakBend Medical Center offers medical services in the Greater Houston area. The complaint for this class action suggests that it maintained “inadequate security practices” and, as a result, suffered a ransomware attack and data breach on September 1, 2022.
The class for this action is all persons living in the US whose information was compromised by the data breach, including all persons to whom OakBend sent a notice of the data breach.
Medical providers and other businesses that collect personal and health care information are frequent targets of cybercriminals, because they store both personally identifiable information (PII) and protected health information (PHI). OakBend, the complaint alleges, offers its services at fifty locations, receiving around 8,500 inpatient visits, 40,000 emergency room visits, and 100,000 outpatient visits each year.
On September 1, 2022, the complaint alleges, OakBend suffered a ransomware attack, which occurs when cybercriminals access and encrypt files, then demand a ransom in exchange for the key to decrypt them. More than a month later, on October 11, the complaint alleges, OakBend acknowledged that “some of our patients and community members are receiving emails sent by third parties regarding the recent ransomware attack.”
The attack was claimed by the Daixin Team, which the complaint claims is “a particularly infamous and dangerous cybercriminal group” about whom the Federal Bureau of Investigation (FBI) recently released a Cybersecurity Advisory, warning that it targeted healthcare businesses. The group claims to have stolen over a million patient records, including names, dates of birth, patient treatment information, and Social Security numbers. The complaint alleges it has already released some of the stolen information.
The complaint claims that OakBend “had obligations created by contract law, industry standards, common law, and its own promises and representations” to keep its patients’ information private and protect it from access by others.
“Upon information and belief,” the complaint alleges that the stolen information was not encrypted, that OakBend maintained it “in a reckless manner[,]” and that OakBend did not properly monitor its systems. It also suggests that “the mechanism of the Data Breach and potential for improper disclosure … was a known risk to [OakBend], and thus [OakBend] was on notice that failing to take steps necessary to secure the Private Information from those risks left that property in a dangerous condition.”
The complaint contends that OakBend did not comply with Federal Trade Commission (FTC) guidelines for security for businesses, with industry security standards, or with the requirements of the Health Insurance Portability and Accountability Act (HIPAA).
Article Type: LawsuitTopic: Privacy
Most Recent Case Event
OakBend Medical Center Ransomware Attack and Data Breach Complaint
December 19, 2022
OakBend Medical Center offers medical services in the Greater Houston area. The complaint for this class action suggests that it maintained “inadequate security practices” and, as a result, suffered a ransomware attack and data breach on September 1, 2022.
OakBend Medical Center Ransomware Attack and Data Breach ComplaintCase Event History
OakBend Medical Center Ransomware Attack and Data Breach Complaint
December 19, 2022
OakBend Medical Center offers medical services in the Greater Houston area. The complaint for this class action suggests that it maintained “inadequate security practices” and, as a result, suffered a ransomware attack and data breach on September 1, 2022.
OakBend Medical Center Ransomware Attack and Data Breach Complaint