Class Action Lawsuit Filed Versus Memorial Health System Because of August 2021 Cyberattack

Marietta Area Health Care Inc., dba Memorial Health System, is dealing with a class-action lawsuit with regards to a cyberattack and data breach that Memorial Health System discovered on August 14, 2021.

As per the investigation, it was established the hackers initially acquired access to organization servers on or approximately July 10, 2021, and put in malware on its networks. Unauthorized access likely continued up to August 15, 2021.

The breach notification letters noted that Memorial Health System discovered on September 17, 2021, that the attacker possibly accessed or obtained data from its systems. The evaluation of the affected systems was concluded on November 1, 2021. The impacted persons were advised on January 12, 2022, and were given a one-year free membership to a credit monitoring service. The breach notice sent to the Maine attorney general’s office shows the personal information of 216,478 individuals was likely accessed by the hackers.

The lawsuit versus Marietta Area Health Care Inc. doing business as Memorial Health System was filed in the U./S. District Court of the Southern District of Ohio, Eastern Division on behalf of the plaintiff Kathleen Tucker and other people affected by the security breach.

The lawsuit states the plaintiff’s and class members’ personal records, including names, birth dates, Social Security Numbers, medical record numbers, patient account numbers, and medical details, was exposed and illegally viewed, and that the plaintiff and class members, endured ascertainable deficits comprising the loss of the benefit of their bargain, out-of-pocket expenditures and the cost of their time fairly charged to resolve or mitigate the consequences of the attack.”

The lawsuit claims Memorial Health System was responsible for having the private data of patients in a sloppy manner by keeping the data on systems that were prone to cyberattacks. The lawsuit claims the defendant understood the danger of cyberattacks but didn’t take the required steps to protect private data. Besides the negligence case, the lawsuit states negligence by itself, breach of implied contract, and unjust enrichment.

The plaintiff and class members assert they are now subject to an increased and impending danger of fraud and identity theft and need to carefully check their financial accounts to protect against identity theft today and later on. Out-of-pocket costs were additionally sustained, such as the price and time of setting up credit reports, credit monitoring services, and credit freezes.

The lawsuit wants a jury trial and punitive damages, compensatory damages, treble damages, refund of out-of-pocket expenditures, and injunctive relief, which ought to include developments to Memorial Health System’s information security solutions, future yearly audits, and offering enough credit monitoring services to persons impacted by the incident.

Attorney Joseph M. Lyon of The Lyon Firm, LLC submitted the lawsuit. The law agency of Console & Associates P.C. has likewise opened up an inquiry into the cyberattack and data breach.

Link copied to clipboard
Photo of author

Posted by

Mark Wilson

Mark Wilson is a news reporter specializing in information technology cyber security. Mark has contributed to leading publications and spoken at international forums with a focus on cybersecurity threats and the importance of data privacy. Mark is a computer science graduate.