Chicago-based South Shore Hospital is facing three lawsuits over a December cyberattack that left 115,670 patients' protected information vulnerable, Top Class Actions reported April 22.
On Dec. 10, the hospital was alerted that unauthorized activity was occurring on its network. An investigation found the attacker gained access to files that contained patients' and employees' first and last names, addresses, dates of birth, Social Security numbers, financial information, health insurance information, medical information, diagnoses, health insurance policy numbers, and Medicare and Medicaid information.
The lawsuits, all filed by former South Shore patients, were filed April 5, April 7 and April 18. The plaintiffs allege the hospital failed to adequately protect patient data.
When it notified patients of the cyberattack, South Shore said it will be implementing additional security controls, such as enforcing stronger password requirements, enabling multifactor authentication, and creating more training surrounding data privacy and security for the hospital's employees.
The hospital provided those affected by the incident with a 12-month complimentary membership to IDX's credit and CyberScan monitoring service, a $1 million identity theft reimbursement insurance policy and access to identity theft recovery services if necessary.