Security News > 2020 > February > Hacked Off: Patients Sue Ransom-Paying Hospital Group

Hacked Off: Patients Sue Ransom-Paying Hospital Group
2020-02-19 10:18

A lawsuit seeking class action status has been filed against a New Jersey healthcare organization in the wake of a ransomware attack last December in which the entity paid attackers a ransom to unlock its systems.

Because of the ransomware attack, patients had their medical care and treatment disrupted, the complaint alleges.

In a statement provided to Information Security Media Group, HMH states that after the ransomware attack, the network took immediate action to protect its patients and to remediate the issue.

HHS OCR several years ago issued guidance advising organizations that under most circumstances, ransomware attacks are considered reportable breaches under HIPAA. HMH did not immediately respond to an inquiry about whether it reported the ransomware attack to the U.S. Department of Health and Human Services as a health data breach.

Hales, the HIPAA attorney, says that HMH "Paid the ransom no doubt to do the right thing - restore patient care quickly. However, it may indicate serious problems for HMH's defense because it suggests HMH lacked sufficient data backup and effective contingency plans for recovery and emergency mode operation required by HIPAA.".


News URL

https://www.inforisktoday.com/hacked-off-patients-sue-ransom-paying-hospital-group-a-13736