Threat Management

Georgia health system ransomware attack prompts class-action suit


Georgia-based St. Joseph's/Candler Health System has been sued in a class-action lawsuit following a ransomware attack against the health system that may have compromised personal, financial and health data belonging to 1.4 million of its patients, clients and employees, according to the Savannah Morning News.

The lawsuit accuses St. Joseph's/Candler of violating its privacy policy, as well as being negligent due to its failure to implement adequate information security and prevention measures for the breach, which investigations showed occurred from December 18, 2020 to June 17, 2021.

Patients "have been forced to expend, and must expend in the future, to monitor their financial accounts, health insurance accounts, and credit files as a result of the data breach," alleged the lawsuit, which did not specify identity theft instances among those affected by the incident.

Aside from a jury trial, restitution and disgorgement, the lawsuit's plaintiffs are pursuing an unspecified amount for punitive damages and attorney fee payments.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.