A class-action lawsuit has been filed against Attleboro, Mass.-based Sturdy Memorial Hospital after the system fell victim to a ransomware attack in February, according to an Aug. 31 report by The Sun Chronicle.
The lawsuit was filed on Aug. 26 and alleges the hospital failed to protect its patients' protected health information that was stolen in the ransomware attack.
Seven things to know:
- There are an estimated 35,271 patients who have been affected by the data breach, according to the report.
- The lawsuit is seeking an unspecified amount for damages, such as extended credit monitoring, compensatory damages and attorneys' fees. The suit alleges that damages exceed $50,000.
- The hospital paid an undisclosed amount to the hacker group that launched the ransomware attack to get its stolen information back. However, court documents allege that paying hackers does not guarantee the information will be protected.
- The lawsuit also claims that the hospital should have prevented the information from being stolen in the first place.
- "Defendant maintained and secured the [personally identifiable information] in negligent manner by failing to safeguard against ransomware attacks," the complaint said. "Had Sturdy properly maintained its IT systems, it could have prevented the data breach."
- According to court documents, lawyers for the plaintiffs said that two years of complimentary credit monitoring services is insufficient because breached patient information can be abused for longer than two years. It also doesn't compensate the victims for the consequences of the breach.
- Kathi Hague, manager of public and community relations for the hospital, told Becker's that it is against their policy to comment on pending litigation.