Seattle-based Fred Hutchinson Cancer Center is facing nine lawsuits after a cyberattack leaked clinical data in November.
On Nov. 19, a cybersecurity incident resulted in some patient and employee information being compromised, including names, dates of birth, Social Security information, medical treatment and health insurance information, phone numbers and email addresses, The Seattle Times reported.
Fred Hutch immediately notified federal law enforcement and "engaged a leading forensic security firm to investigate and contain the incident," a hospital spokesperson told Becker's. The system took the clinical network offline within 72 hours and added more "defensive tools" and increased data monitoring. Fred Hutch alerted affected patients shortly after the incident and included resources to protect against potential identity theft and/or fraud. Since the attack, patients have received blackmail emails demanding payment to have personal information removed from the dark web.
The number of patients affected is unclear, but at least nine lawsuits, some of which are class-action suits, have been filed against the hospital, alleging Fred Hutch neglected to keep patient information safe.
"Fred Hutchinson Cancer Center greatly values the trust of our patients and employees, and we are committed to safeguarding their personal information," a Fred Hutchinson spokesperson told Becker's.