Thank you to everyone who helped contribute to this investigation. At this time, attorneys working with ClassAction.org are no longer reviewing claims in relation to this matter. If you have questions regarding your rights, please contact an attorney in your area.
Our open list of investigations can be found here. The information below was posted when the investigation began and remains for reference only.
At A Glance
This Alert Affects:
Anyone who had their health information exposed as part of a data breach at any of the hospitals listed below.
What’s Going On?
Attorneys working with ClassAction.org are investigating whether class action lawsuits can be filed on behalf of patients for damages related to the breach.
How Could a Lawsuit Help?
A class action lawsuit could help patients recover compensation for time and money spent mitigating the effects of the breach, as well as for fraudulent charges and damage to their credit.
Attorneys working with ClassAction.org would like to speak to anyone who had their private health information exposed as part of a data breach at any of the following hospitals and medical facilities:
Brooklyn Hospital Center (New York)
Betty Jean People’s Health Center (St. Louis, Missouri)
North Florida OB-GYN/Women’s Care Florida (Florida)
Fayette Medical Center (Alabama)
Park DuValle Community Health Center (Kentucky)
Campbell County Health (Wyoming)
Kalispell Regional Hospital (Montana)
The University of Alabama (Medicine)
Methodist Hospitals, Inc.
Hackensack Meridian Health (New Jersey)
Ivy Rehab Network, Inc.
Saint Francis Medical Center dba Ferguson Medical Group
Southeastern Minnesota Oral & Maxillofacial Surgery
Truman Medical Centers
The attorneys are investigating whether the hospitals and healthcare centers took proper steps to protect patients’ personal health data and provide timely notice upon discovering unauthorized access to this information.
How Were the Hospitals Hacked?
It has been reported that unauthorized third parties locked the hospitals out of their own systems using “ransomware,” a type of malware that can encrypt files. The attackers, in exchange for unlocking the files, demanded that a ransom be paid. Park DuValle Community Health Center, for instance, reportedly paid out a $70,000 ransom to unlock medical records that were held hostage for nearly two months.
In addition to the risk of identity theft, ransomware attacks on hospitals usually result in canceled medical appointments, lost medical records and other disruptions to patient care. In fact, some hospitals that were hacked had to close down – partially or completely – because of the attacks. When the Fayette Medical Center was under attack, for instance, local ambulances were told to take patients to other hospitals if possible.
What Information Was Compromised?
Personal information that may have been collected by the hospitals and therefore may have been compromised as part of these attacks include, but is not limited to, the following:
Name, address, phone number and e-mail address
Personal information of emergency contacts
Social Security numbers
How Could a Class Action Lawsuit Help?
A class action lawsuit could help patients whose personal information was compromised recover compensation for fraudulent charges and damage to credit, as well as out-of-pocket expenses and loss of time related to mitigating the effects of the data breach.