A patient of University of Connecticut Health is suing the health system, claiming it "failed to implement adequate and reasonable cybersecurity procedures and protocols," exposing her bank account to fraudulent activity after the health system was hacked in December, according to the Hartford Courant.
In a federal lawsuit filed last week, Yoselin Martinez said hackers "had months to access, view and steal patient data unabated."
Ms. Martinez accuses Farmington-based UConn Health of both failing to recognize the breach, putting the privacy of thousands of patients in jeopardy, and failing to promptly notify patients of it. She is seeking class-action status for her lawsuit.
Since the data breach, Ms. Martinez said there has been fraudulent activity in her bank account caused by the data breach. The lawsuit claims UConn Health failed to secure and safeguard patients personal and health information.
UConn Health said it discovered that email accounts had been attacked on Dec. 24, but didn't begin notifying 326,000 patients of the incident until February, when an investigation uncovered the breach.
"We take our responsibility to safeguard personal information seriously and apologize for any inconvenience or concern this incident might have," UConn Health wrote in the notice to patients. "We have taken and will continue to take steps to help prevent something like this from happening again, including evaluating additional platforms and educating staff and reviewing technical controls."