Washington health center sued after patient record was posted for sale on dark web

Seattle-based Sea Mar Community Health Center is being sued after a data breach that compromised 688,000 patient records, in which a patient's information was posted for sale on a data leak site.

The lawsuit against the Health Center was filed Feb. 22 by a former patient. The patient claims that Sea Mar Community Health Center was negligent in failing to properly safeguard individuals patient protected information and that the Health Center failed to quickly notify patients of the breach.

Breach details 

Between December 2020 and March 2021, an unauthorized individual hacked into Sea Mar's IT network and obtained access to confidential files containing current and former patients’ protected health information.

The hacker gained access to patients' names, addresses, Social Security numbers, dates of birth, client identification numbers, diagnostic and treatment information, medical, vision, and dental insurance information, claims information, and images associated with dental treatment.

In October, the Health Center began notifying patients' about the incident and reported it to the U.S. Department of Health and Human Services. 

The plaintiff claims  he became aware of the hacking incident on June 24, 2021, when the hacker informed him that they had successfully copied the sensitive data from the Health Center with plans to sell it on Marketo marketplace, a marketplace where the cybercriminals sell stolen data to the highest bidder on the dark web. 

The plaintiff alleges that as a result of the incident, affected individuals "suffered injury and ascertainable losses in the form of the present and imminent threat of fraud and identity theft, out-of-pocket expenses, and the value of their time reasonably incurred to remedy or mitigate the effects of the attack, and the loss of value of their personal information," according to the lawsuit. 

The plaintiff requests the health center to pay three years of credit monitoring services, circulate individualized notice of the data breach to all affected members, an award of actual damages, compensatory damages, statutory damages, and statutory penalties and punitive damages.

Copyright © 2024 Becker's Healthcare. All Rights Reserved. Privacy Policy. Cookie Policy. Linking and Reprinting Policy.


Featured Whitepapers

Featured Webinars