A lawsuit alleges that Mena Regional Health System had inadequate cybersecurity practices in place when a November data breach compromised the protected health information of 84,814 people.
The lawsuit, filed Feb. 15 in the Circuit Court of Polk County, Ark., alleges that the November data breach occurred as a result of the health system's failure to take basic cybersecurity precautions to protect patients' personally identifiable information.
The breach resulted in patient information such as names, dates of birth, Social Security numbers, driver's license and government identification numbers, financial account information, and more to be compromised, according to the lawsuit, which seeks class-action status.
Mena Regional Hospital learned on Nov. 8 that an unauthorized party had removed sensitive patient information from its systems in October 2021.
On Nov. 22, the health system notified the patients impacted by the breach but said it was not aware that any of the information removed from its systems was improperly used.