The St Joseph's/Candler hospital system in Savannah, Georgia was hit by a ransomware attack in the early hours of June 17, 2021. Upon detection of suspicious network activity, SJ/C immediately took steps to isolate and secure its systems. Staff went back to writing in pen and paper to record patient data, as the attack prevented access to computer systems and emergency protocols were implemented.
The security breach was reported to law enforcement by SJ/C. The hacking group had access to the systems from December 18, 2020 until June 17, 2021, according to the assistance provided by third party cybersecurity firms.
Shortly after the breach was detected a spokesperson for St Joseph's/Candler released: “patient care operations continue at our facilities using established back-up processes and other downtime procedures. Our physicians, nurses, and staff are trained to provide care in these types of situations and are committed to doing everything they can to mitigate disruption and provide uninterrupted care to our patients.”
The parts of the network that were accessible to the hackers contained files with patients' health-protected information. The files contained patient information such as names, addresses, dates of birth, Social Security numbers, driver's license numbers, patient account numbers, billing account numbers, financial information, health insurance plan member IDs, medical record numbers, dates of service, as well as a comprehensive review of those
The protected health information of 1,400,000 patients could potentially have been compromised by the ransomware attack. SJ/C began to send notification letters to individuals affected by the breach on August 10, 2021 and are offering complimentary credit monitoring and identity theft protection services. SJ/C is implementing additional safeguards and technical security measures to further protect and monitor its systems going forward.
A class action lawsuit has been filed on behalf of the more than one million patients, professionals, and clients who may have been affected in the recent cyber attack on the healthcare system's IT systems.
The lawsuit states that people whose data has been compromised "have been forced to expend, and must expend in the future, to monitor their financial accounts, health insurance accounts, and credit files as a result of the data breach" though no does not cite and specific instances of identity theft.
Furthermore, plaitiffs are claiming in the lawsuit that the hospital neglected to "design, adopt, implement, control, direct, oversee, manage, monitor and audit appropriate data security process, controls, policies, procedures, protocols and software and hardware systems" to protect patients' personal information.
If your private information was leaked by the SJ/C data breach and has been used illegally our firm can help. Call Marks Law Group today at (404) 939-1485 to schedule a free consultation with an Atlanta HIPAA violation attorney to learn what your legal options may be during a free consultation.
Other Recent Data Breaches: Metro Infectious Disease Consultants Data BreachReproSource Fertility Diagnostics Ransomware Attack