Two patients filed a lawsuit Feb. 10 against Hackensack (N.J.) Meridian Health alleging the health system failed to protect their information.
In December, Hackensack Meridian Health was forced to go into downtime procedures and reschedule a limited number of nonemergency procedures due to a ransomware attack. The health system ended up paying an undisclosed amount of money to gain decryption codes to restore its computer network.
The complaint alleges that their information was stored in a "reckless manner" that could have allowed hackers to obtain their data.
"Had [Hackensack Meridian Health] properly monitored its property, it would have discovered the intrusion sooner," the lawsuit claims. The patients also say that the health system has not informed them of the incident.
The two patients that filed the lawsuit are seeking to turn their case into a class-action lawsuit.
"Hackensack Meridian Health was the victim of a ransomware attack in December 2019. Despite this criminal act, the network took immediate action to protect our patients and to remediate the issue," said Hackensack Meridian Health in a statement to Becker's Hospital Review. "We notified the appropriate authorities, including the FBI, other law enforcement and regulatory authorities. The safety and care of our patients is always our number one priority. Due to the extraordinary efforts of our physicians, nurses, and clinical teams, patient safety was assured during the attack. We also engaged external cybersecurity and forensics experts, who found no evidence that any patient information was subject to unauthorized use or disclosure. We apologize for any inconvenience this attack may have caused. We continue to vigorously work to defend and protect against such criminal activity."
To read the complete lawsuit, click here.
Editor's note: This story was updated Feb. 19 to include a statement from Hackensack Meridian Health.