A class action lawsuit, filed Jan. 13, accuses Chicago-based CommonSpirit Health of failing to protect patients' personal information from a recent ransomware attack on the health system.
According to the lawsuit, CommonSpirit Health "lost control" of patient data after its computer system was accessed by an unauthorized third party in a September that caused widespread EHR outages and appointment cancellations
As a result of the breach, 623,774 patients were notified that their information was compromised during the cyberattack. Patient information compromised in the attack included names, addresses, phone numbers, dates of birth and unique IDs used within CommonSpirit Health's system.
The lawsuit alleges that the data breach happened as result of CommonSpirit's negligence and "abject failure" to take basic cybersecurity precautions to protect the patient identifiable information and protected health information stored within its network.
This is the second lawsuit the health system has been hit with since the attack.
On Dec. 29, Leeroy Perkins filed a lawsuit in the U.S. District Court for the Northern District of Illinois against CommonSpirit for the ransomware attack.
The complainant in that suit asked for class-action status as well as damages, restitution and other forms of equitable monetary relief, and declaratory and injunctive relief.