Massachusetts Hospital Faces Class Action Over Christmas Cyber Attack – Insurance Journal

A Massachusetts hospital that suffered a cyber attack in December has been hit with a class action lawsuit for its alleged failure to secure patients’ personal information.
Anna Jaques Hospital in Newburyport experienced a significant shutdown of its electronic medical records systems and networked computers on December 24, 2023. The attack caused the hospital to redirect ambulances to other hospitals on Christmas day until service was restored on December 26.
The not-for-profit community hospital, part of the Beth Israel Lahey Health System, acknowledged on January 5 that the attack happened.
According to The Record published by Recorded Future News, a ransomware gang called Money Message has publicly admitted it was behind the Anna Jaques attack. It did not say how much of a ransom it is demanding.
The proposed class action, brought by Salisbury resident Gary Cabozzi, alleges negligence and breach of implied contract and good faith by the hospital for failing to protect data. It seeks $5.4 million, or $200 each, in damages for an assumed class of 27,000 plaintiffs. However, according to the lawsuit, the actual number of individuals who have had their data exposed is unknown at this time and could be many more given the size of the hospital.
The complaint also seeks court orders for the hospital to improve its data security systems.
The complaint criticizes the hospital for “concealing the existence and extent of the data breach for an unreasonable duration of time” and allegedly failing to provide accurate notice of the data breach. The hospital has still not notified its own clientele about the data breach, the lawsuit claims.
On January 5, the hospital said that if it finds that data has been impacted by this incident, it will send all required notifications in accordance with state and federal laws to patients, vendors, and impacted parties.
Cabozzi complains that he only learned about the cyber incident from local news reports.
Unknown Number
The data that could have been exposed or stolen include personal health information such as medical records and history, test results, procedure descriptions, diagnoses, and personal or family medical histories, the complaint says.
The suit also claims personally identifiable information (PII) such as Social Security numbers, passport numbers, driver’s license numbers, and financial account numbers could have been breached.
Some of the data is “highly sensitive and presents a high risk of identity theft or fraud” and it is “likely” that some of the information that has been exposed has already been misused, the lawsuit claims.
According to the Newburyport Daily News, which first reported the incident, the hospital said on January 2 — more than a week after the event — that it was still working with external cybersecurity officials to restore information systems affected by the attack.
The hospital spokesperson told the local newspaper that the FBI is conducting its own investigation.
The hospital, with more than 1,000 employees, is the largest employer in the small coastal city that is north of Boston and close to the New Hampshire border.
As a result of a merger in 2019, Anna Jaques is clinically affiliated with Beth Israel Deaconess Medical Center, a Boston academic medical center and teaching hospital of Harvard Medical School.
The suit seeking class action status was filed in Massachusetts Superior Court for Essex County by two lawyers, one from Connecticut, the other from Puerto Rico.
Hospital Attacks
The Anna Jaques incident is the latest in a series of attacks on hospitals.
Last November, a ransomware attack prompted a Nashville-based healthcare chain that operates 30 hospitals in six states to divert patients to other hospitals and pause certain elective procedures. Ardent Health Services owns and operates 30 hospitals and more than 200 care sites in Oklahoma, Texas, New Jersey, New Mexico, Idaho and Kansas.
In October, two New York hospitals that were hit with a cyberattack had to shut down their computer systems to investigate.
In August, hospitals and clinics in several states run by Prospect Medical Holdings were forced to shut down some primary care, emergency rooms and ambulance services while recovering from a cyberattack. Prospect, which is based in California, has hospitals and clinics there and in Texas, Connecticut, Rhode Island and Pennsylvania.
Topics Lawsuits Cyber Massachusetts
Was this article valuable?
Thank you! Please tell us what we can do to improve this article.
Thank you! % of people found this article valuable. Please tell us what you liked about it.
Here are more articles you may enjoy.
Get automatic alerts for this topic.
Your email address will not be published. Required fields are marked *
*
*




source

Related Posts

After 6 months and little explanation, Norton Healthcare patients, employees still feeling effects of cyber attack – WDRB

Spotty shower possible. Storms after midnight Updated: April 16, 2024 @ 12:31 pmNorton Healthcare, a company serving about 600,000 patients a year with nearly $5 billion in assets, continues to…

Read more

CA's top cybersecurity job has been vacant for almost 2 years – CalMatters

Technology Californians get hacked all the time. The state’s top cybersecurity job is vacant In summaryGov. Newsom has yet to appoint a commander who is tasked with informing businesses and…

Read more

13 Cyber Security Measures Your Small Business Must Take – Tech.co

Our content is funded in part by commercial partnerships, at no extra cost to you and without impact to our editorial impartiality. Click to Learn MoreCybersecurity has been important to…

Read more

AVG Antivirus Free review – Ghacks

AVG AntiVirus Free is a longstanding security program for Microsoft Windows that protects computer systems from viruses, trojans and other malicious code.One interesting fact about AVG is that it maintains…

Read more

Vlog Episode #247: Chris Long on Improving Technical SEO Skills & Playing Offense SEO – Search Engine Roundtable

In part one, we learned about Chris Long and his experience working with Bill Slawski. Then, in part two, we spoke about helping people with SEO on LinkedIn and using…

Read more

Information Security Vs. Cybersecurity: What's The Difference? – Forbes

Information Security Vs. Cybersecurity: What’s The Difference?  Forbessource

Read more

Leave a Reply

Your email address will not be published. Required fields are marked *