News

Patients Sue DCH Health System Over Ransomware Attack

For years, cybercriminals have targeted local governments and organizations with ransomware attacks in order to gain access to private and sensitive data. Another often targeted sector for cyberattacks is the healthcare industry due to the plethora of personal data stored for each patient. Recently, four DCH Health System (DCH) patients filed a federal class action lawsuit alleging the Alabama Hospitals violated health information privacy laws and disrupted their medical care when the system was hit with a ransomware attack in October 2019.

The lawsuit alleges negligence, invasion of privacy, breach of contract, and breach of fiduciary duty after a large-scale ransomware attack shut down the three-hospital system to non-critical patients for 10 days. During this time, patients had to forego medical treatment due to an inability to access their own health information. The patients further allege DCH also violated federal medical privacy laws, known as the Health Insurance Portability and Accountability Act (HIPAA), as well as other laws governing medical records. The perpetrator of the ransomware attack gained access to medical records along with medical and billing information from the attack.

What Is A Ransomware Attack?

Ransomware is a type of malicious software that blocks users from accessing critical systems and data until a ransom is paid. It is frequently delivered through phishing emails. According to FBI statistics, in 2018 alone U.S. businesses paid out more than $3.6 million to hackers in these kinds of attacks. Cybercrime magazine Cybersecurity Ventures forecasts global ransomware damage costs will reach $20 billion by 2021. Despite these projections, the FBI still warns against paying ransoms because there is no guarantee the hacker will release the files once the ransom is paid.

Traditionally, cyberattackers distributed ransomware with the intent to reach as many users as possible, often targeting hundreds or even thousands of people with the malicious code. More recently, cybercriminals with increasingly sophisticated malware are moving toward more targeted ransomware attacks on victims with deep pockets, such as large companies and corporations.

When a ransomware attack targets a healthcare system, it impacts data, but more importantly, it exposes highly sensitive patient information. These attacks can disrupt patient services, create confusion, and in 2019 alone, forced several healthcare providers to temporarily shut down. Because of the nature of the data protected, the perception that healthcare providers are more likely to pay a ransom has led to an increase in active targeting of healthcare organizations.

Healthcare Privacy Lawyers

Were you a patient of a hospital or other healthcare facility that fell victim to a ransomware attack? Were your appointments canceled, records lost, or other medical care disrupted as a result? If you were a patient at a hospital or healthcare facility affected by a ransomware attack that impacted you, you may qualify to join one of our hospital ransomware attack class action lawsuits. Contact Whitfield Bryson LLP today for more information about how we can help.