Georgia-based St. Joseph's/Candler Health System has been sued in a class-action lawsuit following a ransomware attack against the health system that may have compromised personal, financial and health data belonging to 1.4 million of its patients, clients and employees, according to the Savannah Morning News.

The lawsuit accuses St. Joseph's/Candler of violating its privacy policy, as well as being negligent due to its failure to implement adequate information security and prevention measures for the breach, which investigations showed occurred from December 18, 2020 to June 17, 2021.

Patients "have been forced to expend, and must expend in the future, to monitor their financial accounts, health insurance accounts, and credit files as a result of the data breach," alleged the lawsuit, which did not specify identity theft instances among those affected by the incident.

Aside from a jury trial, restitution and disgorgement, the lawsuit's plaintiffs are pursuing an unspecified amount for punitive damages and attorney fee payments.