Savannah, Ga.-based St. Joseph's/Candler Hospital Health System is being accused of failing to properly protect patients' personal and health information, which was exposed by a ransomware attack in June, Savannah Morning News reported Sept. 11.
Six things to know:
1. The health system reported the breach to HHS on Aug. 10 as affecting 1.4 million individuals.
2. St. Joseph's/Candler discovered "suspicious network activity" June 17 and shut down its IT systems. During the downtime, St. Joseph's/Candler switched to backup operation methods, including paper documentation, to limit the potential effects of the ransomware attack.
3. Daniel Elliot, a patient of St. Joseph's/Candler, filed the class-action lawsuit Aug. 28 on behalf of himself and the 1.4 million patients, employees and clients whose information was exposed by the incident, according to the report.
4. The lawsuit alleges that St. Joseph's/Candler failed to "design, adopt, implement, control, direct, oversee, manage, monitor and audit appropriate data security process, controls, policies, procedures, protocols and software and hardware systems" to keep patients' data secure, the publication reported.
5. The plaintiffs are seeking a jury trial, an unspecified amount of monetary relief for punitive damages, restitution and attorney's fees.
6. St. Joseph's/Candler denied the publication's comment request, citing the hospital's policy against commenting on pending litigation.