Charleston, S.C.-based Roper St. Francis Healthcare is accused in a lawsuit of "negligent acts and omissions" that led to a data breach last year compromising patients' financial and medical information, local NBC affiliate WCBD reports.
The lawsuit claims the data breach occurred between Oct. 14-29, 2020, and states that Roper St. Francis Healthcare has a history of data breaches going back to 2019, according to the April 5 report.
"At all relevant times, Roper knew the data it stored was vulnerable to cyberattack based upon these repeated and ongoing data breaches," the lawsuit states, claiming that the health system had three previous hacking incidents before the one listed in the complaint.
The suit lists the following three previous hacking incidents: The first reported Jan. 29, 2019, as affecting 35,253 people; the second reported Sept. 3, 2020, as affecting 6,000 people; and the third reported Sept. 8, 2020, as affecting 92,963 people.
On April 6, Roper St. Francis Healthcare declined to comment specifically about the lawsuit, but referred to a Jan. 8 notice that acknowledged the October breach informed patients about a subsequent investigation.
The two security incidents noted in September 2020 stemmed from a data breach involving Blackbaud, a company that stores donor information for organizations including health systems. More than 46 hospitals and health systems had patient information exposed in the company's security breach last year.
The class-action lawsuit is seeking economic and non-economic damages.