Memorial Health System sued after ransomware attack exposed 216,500 patients' info

Marietta, Ohio-based Memorial Health System is facing a potential class-action lawsuit after it notified about 216,500 patients that their protected health information was exposed during an August ransomware attack.

The lawsuit was filed Jan. 19 by Kathleen Tucker, one of the patients whose information was affected. In the complaint, she alleged Memorial maintained patient data "in a reckless manner."

On Aug. 15, a hacker group launched a ransomware attack that shut down Memorial's IT systems, leading to canceled surgeries and diverted ambulances. The attack is linked to Hive, a ransomware group actively targeting hospitals.

In a Jan. 12 notice to patients, Memorial said the potentially affected information included patients' names, dates of birth, medical record numbers, patient account numbers, Social Security numbers and other treatment and medical information.

The lawsuit stated website Bleeping Computer reported there is evidence suggesting databases containing Memorial patients' data were exfiltrated during the attack.

"Memorial Health System denies the allegations and we will vigorously defend against these opportunistic lawsuits," the health system said in statement emailed to Becker's Feb. 1.

Read the full lawsuit here.

Note: This article was updated at 5:15 p.m. Central Standard Time Feb. 1 to include Memorial Health System's comment.

 

Copyright © 2024 Becker's Healthcare. All Rights Reserved. Privacy Policy. Cookie Policy. Linking and Reprinting Policy.

 

Featured Whitepapers

Featured Webinars