Ardent Health Services Failed to Protect Patient Data from Cyberattack, Class Action Claims
Burke v. AHS Medical Holdings, LLC et al.
Filed: December 12, 2023 ◆§ 3:23-cv-01308
Ardent Health Services faces a class action over a cyberattack announced in November 2023 that reportedly compromised the private data of over 300,000 patients.
Healthcare company Ardent Health Services faces a proposed class action over a cyberattack announced in November 2023 that reportedly compromised the private data of over 300,000 patients.
Want to stay in the loop on class actions that matter to you? Sign up for ClassAction.org’s free weekly newsletter here.
According to a notice posted on Ardent’s website, the company discovered an “information technology cybersecurity incident” on November 23 of this year, which a subsequent investigation determined to be a targeted ransomware attack. The notice relays that in response to the threat, Ardent “took its network offline” and “suspend[ed] all user access to its information technology applications.” Certain core clinical and business systems, including the electronic medical records platform known as Epic, were restored on December 6, the notice says.
The 50-page lawsuit claims defendants AHS Medical Holdings, LLC and Ardent Medical Services, Inc.—which operate as Ardent Health Services—“negligently” failed to take reasonable data security measures to protect patients’ highly sensitive information, which was exposed to cybercriminals during the “foreseeable and preventable” incident.
The suit alleges the Tennessee-based healthcare system, which owns 30 hospitals and hundreds of clinics across six states, maintained patient data unencrypted and “in a reckless manner” on its network.
“Had the information been properly encrypted, the data thieves would have exfiltrated only unintelligible data,” the case notes.
Per the complaint, Ardent also failed to provide victims with timely and accurate notice of the data breach. In particular, absent from the online notice were important details about the incident, including how cybercriminals gained access to the system, what specific information was compromised and what steps are being taken to safeguard the data in the future, the filing contends.
Victims like the plaintiff—a patient at an Ardent-owned medical center in Idaho—now face an ongoing risk of identity theft and fraud as a result of the defendants’ negligence, the lawsuit alleges.
“[The plaintiff] and Class Members must now and in the future closely monitor their financial accounts to guard against identity theft,” the suit claims.
The lawsuit looks to represent anyone in the United States whose private information was compromised in the data breach involving Ardent Health Services.
Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s free weekly newsletter here.
Hair Relaxer Lawsuits
Women who developed ovarian or uterine cancer after using hair relaxers such as Dark & Lovely and Motions may now have an opportunity to take legal action.
Read more here: Hair Relaxer Cancer Lawsuits
How Do I Join a Class Action Lawsuit?
Did you know there's usually nothing you need to do to join, sign up for, or add your name to new class action lawsuits when they're initially filed?
Read more here: How Do I Join a Class Action Lawsuit?
Stay Current
Sign Up For
Our Newsletter
New cases and investigations, settlement deadlines, and news straight to your inbox.
Before commenting, please review our comment policy.