Tuesday, July 26, 2022

Methodist Hospitals Data Breach $425K Class Action Settlement

 By now, we all know that data breaches can be expensive.  When you factor in the services of experts, potential hardware replacement/reconfiguration, fines, and other costs, a breach can be *so* expensive as to stress the resources of large organization while driving some smaller ones out of business completely.

However, add onto that the potential costs associated with a lawsuit and a company can soon see their expenses spiraling way out of control.  Even if a lawsuit is successfully defended and no loss incurred as a result, there are still the serious expenses incurred by dealing with the litigation.

Recently, lawsuit brought against Gary, Indiana based Methodist Hospitals, Inc was settled for $425,000.  The amount was the announced settlement, but that number fails to include the amount of money spent on legal bills to simply get to the point of a negotiated settlement.

It all stems from a 90 day window in 2019 where Methodist Hospitals had their network compromised before the attackers released Ransomware to encrypt their network.  The attackers, before encryption,  made off with PHI (Protected Health Information) as well as a good deal of demographic information related to those patients.  Forensics point to a successful Phishing Attack on an employee's email account that allowed for the initial network access.  Once the criminals had gained this foothold it appears they siphoned off the data and then encrypted the network.

The lawsuit accused the hospital of failing to properly protect the purloined data.

I haven't been able to find info related to how many patients were affected or what other costs have been associated with this attack, however it is safe to say the costs have been substantial.

Full info on the lawsuit including how to fie a claim if you were affected can be found by following this link.  

No comments:

Post a Comment