Data Breach News

Ernest Health Data Breach: Lawsuit Looms Over Cyberattack

This breach led to the exposure of sensitive patient information, encompassing details like names, Social Security numbers, addresses, medical records, and more.

by Ashish Khaitan April 17, 2024 in Cybersecurity News, Data Breach News, Firewall Daily Reading Time: 3 mins read 0

592 SHARES 3.3k VIEWS Share on LinkedInShare on Twitter

Ernest Health, a US-based healthcare system, faces lawsuits after a cyberattack compromised the data of around 94,747 patients. The , detected on February 1, 2024, involved unauthorized access to its networks from January 16 to February 4, 2024.

The ransomware group claimed responsibility and threatened to release stolen information, including patient names, contact details, health data, and Social Security numbers.

LockBit, notorious for its ransomware-as-a-service operations, reemerged online mere days after a global police crackdown aimed to capture its operation.

Following this , the healthcare provider was compelled to file a notice of data breach with the Attorney General of Massachusetts upon discovering unauthorized access to its IT network, including the networks of its hospitals. 

This breach led to the exposure of sensitive patient information, encompassing details like names, Social Security numbers, addresses, medical records, and more.

Ernest Health Data Breach Turns Into Class Action Lawsuit

Following an extensive investigation, Ernest Health commenced a process of notifying affected individuals about the breach, ensuring transparency about the compromised data. In response to the Ernest Health data breach, plaintiffs Joe Lara and Laurie Cook have initiated a class-action lawsuit against Ernest Health. 

Alleging negligence in safeguarding highly sensitive data, the lawsuit highlights Ernest Health's failure to adequately train employees on cybersecurity measures and maintain sufficient security protocols, leaving patient information vulnerable to cybercriminals.

The lawsuit, filed in the United States District Court, Northern District of Texas, contends that Ernest Health's actions not only breached its duty to protect patient data but also violated state and federal laws governing data protection and breach notifications.

Plaintiffs Lara and Cook, representing the class of over one hundred current and former patients affected by the breach, argue that Ernest Health's delayed notification deprived them of the opportunity to mitigate potential damages promptly.

The exposed information places them at risk of identity theft and other harms, necessitating legal recourse to address the Ernest Health data breach and its repercussions.

Decoding the Ernest Health Class Action Lawsuit 

The outlines various causes of action, including negligence, negligence per se under the FTC Act and HIPAA, and breach of implied contract, emphasizing Ernest Health's failure to fulfill its obligations in protecting patient information and mitigating damages resulting from the breach.

In seeking relief, the plaintiffs and class members are pursuing certification of the case as a class action, along with declaratory and equitable relief, damages, coverage for attorneys' fees and costs, and other appropriate remedies deemed necessary by the court.

With demands for a jury trial and a comprehensive legal strategy in place, plaintiffs aim to hold Ernest Health accountable for its role in the data breach and secure justice for those affected by the cyberattack.

As the case unfolds, the Ernest Health lawsuit highlights the growing threat posed by cyberattacks on healthcare institutions. In a similar case, the recent cyberattack Change Healthcare is going to result in expenses of $1.6 billion this year. 


Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button