In a federal lawsuit filed last week, Yoselin Martinez said hackers “had months to access, view and steal patient data unabated.”
Ms. Martinez accuses Farmington-based UConn Health of both failing to recognize the breach, putting the privacy of thousands of patients in jeopardy, and failing to promptly notify patients of it. She is seeking class-action status for her lawsuit.
Since the data breach, Ms. Martinez said there has been fraudulent activity in her bank account caused by the data breach. The lawsuit claims UConn Health failed to secure and safeguard patients personal and health information.
UConn Health said it discovered that email accounts had been attacked on Dec. 24, but didn’t begin notifying 326,000 patients of the incident until February, when an investigation uncovered the breach.
“We take our responsibility to safeguard personal information seriously and apologize for any inconvenience or concern this incident might have,” UConn Health wrote in the notice to patients. “We have taken and will continue to take steps to help prevent something like this from happening again, including evaluating additional platforms and educating staff and reviewing technical controls.”
More articles on cybersecurity:
Navicent Health alerts patients of July 2018 cyberattack
61% of CIOs think employees leak data maliciously, survey finds
Phishing attack exposes 350,000 Oregon residents’ medical information