Patients are suing Morristown, Vt.-based Lamoille Health Partners over a June ransomware attack that affected almost 60,000 patients, WCAX News reported Sept. 6.
The lawsuit alleges that the health center was negligent in protecting patients' health information stored on its systems, in violation of the HIPAA Security Rule.
The lawsuit also alleges that Lamoille Health Partners failed to notify patients about the hack and what kind of information was breached.
Lamoille Health Partners first detected the breach on June 13.
An investigation later revealed that an unauthorized user breached its system, potentially gaining access to patient information such as names, addresses, dates of birth, Social Security numbers, health insurance information and medical treatment information.
In July, the health center told WCAX News that it wasn't informing patients because it didn't have much information and that it was working with the FBI to figure it out.
The health center released a notice to patients on Aug. 11.
The lawsuit says approximately 60,000 patients were affected.
The plaintiffs are seeking compensatory damages and are requesting Lamoille Health Partners improve its security systems.