South Carolina hospital hit with lawsuit following malware attack

Patients of Georgetown, S.C.-based Tidelands Health have filed a class-action lawsuit claiming the health system failed to protect their personal health information following a malware attack, according to local ABC affiliate WPDE.

In December, Tidelands Health was forced to reschedule some procedures because of a malware attack. Clinicians and staff turned to paper records and portions of the IT network were temporarily offline.

While the health system said that no patient data was affected, patients are coming forward saying otherwise. One patient claims the health system lost names, demographic information, dates of birth, Social Security numbers and health insurance information during the malware attack.

Another patient alleges that nurses gave her food items she couldn't eat because her medical records couldn’t be accessed.

The lawsuit claims that Tidelands Health violated HIPAA and failed to report the incident to the HHS, reports WPDE. Additionally, the patients claim that they are susceptible to fraud. Patients are seeking monetary damages as well as free credit monitoring for three years.

In a statement to WPDE, Tideland Health said the following:

"We cannot comment on pending litigation. As we've previously disclosed to patients and the public, on Dec. 12, the Tidelands Health computer network was impacted by a malware incident. Upon discovery of the incident, we immediately engaged external cybersecurity experts to help us secure our network, restore our systems and investigate the situation."

"Our primary computer systems have been restored, and we have resumed normal operations. Our hospitals and outpatient locations continue to deliver safe, high-quality care to our patients and community."

"To date, we have no evidence that patient medical information was exfiltrated during the Dec. 12 malware incident. However, the investigation is ongoing. We continue to take appropriate steps to address the situation, collaborate with the appropriate authorities and notify any impacted individuals, if and when that is needed."

More articles on cybersecurity:
Health systems should update computer systems in wake of Iran tensions, H-ISAC says
3 cybersecurity predictions for 2020
Former NYC hospital employee pleads guilty to hacking coworkers' emails

© Copyright ASC COMMUNICATIONS 2020. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.

 

Featured Content

Featured Webinars

Featured Whitepapers