Eskenazi Health patient seeks class-action status in suit over May ransomware attack

A patient is seeking class-action status in a lawsuit against Indianapolis-based Eskenazi Health after a May ransomware attack that potentially affected 1.5 million people, Nov. 19 documents filed in the Indiana Commerical Court reveal.

Six things to know:

  1. Terri Ruehl Young sued Eskenazi after she discovered a fraudulent charge of $370 on her credit card she used to pay the hospital. Ms. Young also said she discovered someone had tried to change her name on her Equifax credit report, and she lost money and time attempting to repair the damage from the breach.  Her complaint stated that patients, employers and others entrusted the health system with sensitive, personal information, and that trust was betrayed.

  2. Hackers accessed the hospital's network on or about May 19, and the hospital shut down its computer network and went on diversion Aug. 4 in response to what it called an attempted ransomware attack.

  3. About three weeks after shutting down its network, the safety net health system admitted that there indeed had been a data breach, during which data had been obtained and released online.

  4. The system warned employees, patients, former patients, providers and vendors to closely monitor their bank and credit card statements for suspicious activity and to report it if discovered. It also recommended that anybody potentially affected review a free credit report. It maintained there was no evidence of bank or credit card fraud.

  5. But on or about Nov. 11, the health system notified more than 1.5 million patients, current and former patients, employees and providers that their names, Social Security numbers, driver's license numbers, credit card information and medical-related information might have been exposed back in May.

  6. Todd Harper, a spokesperson for Eskenazi, told Becker's that the health system has not been formally served with the lawsuit.

Copyright © 2024 Becker's Healthcare. All Rights Reserved. Privacy Policy. Cookie Policy. Linking and Reprinting Policy.

 

Featured Whitepapers

Featured Webinars