Ascension Health Data Breach Lawsuit Filed After May 2024 Cyberattack Affecting MyChart Portal

New to ClassAction.org? Read our Newswire Disclaimer

Ascension Health faces a proposed class action lawsuit over a May 2024 data breach in which the sensitive, non-public information of thousands of patients was accessed without authorization.

Did you receive a data breach notice from Ascension Health? Let us know here.

The 61-page Ascension Health data breach lawsuit says the Missouri-based entity’s systems, including its MyChart patient portal, were accessed via ransomware attack on or about May 9, 2024, and remained offline and inaccessible to patients in the wake of the incident. The case stresses that Ascension Health patients have been unable to effectively communicate with their providers, or receive medical care, given that the MyChart portal is the primary way for doctors to contact patients and their families.

According to the suit, patients’ names, dates of birth, patient records and Social Security numbers were among the information disclosed in the Ascension Health data breach, the risk of which the case alleges was known, or should have been known, to the company.

The data breach lawsuit alleges the incident stemmed directly from Ascension Health’s failure to implement reasonable and industry-standard cybersecurity practices. Per the case, Ascension Health is one of the nation’s largest nonprofit and Catholic health systems, and includes 140 hospitals serving communities in 19 states and the District of Columbia.

On May 10 of this year, the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) released a statement that the Black Basta ransomware gang is targeting critical U.S. infrastructure, including the healthcare sector, the filing relays. It was the Black Basta ransomware attack that “brought down Ascension IT Systems,” the case claims, adding that four sources briefed on the investigation shared with CNN that Ascension had been the victim of a ransomware attack.

As a result of the breach, Ascension Health patients have suffered concrete damages that include, but are not limited to, an invasion of privacy, the theft of their private information and lost time dealing with the consequences of the data breach, the filing says. Moreover, patients face a continued and heightened risk of identity theft and fraud as a result of their information being taken by unauthorized third parties, the suit contends.

According to a data breach notice posted on Ascension Health’s website, the defendant “worked around the clock” to respond to the ransomware attack and remains focused on restoring its systems, though conceded that “it will take time to return to normal operations.”

The lawsuit looks to cover all persons in the United States whose private information was compromised as a result of the data breach reported by Ascension Health.

Are you owed unclaimed settlement money? Check out our class action rebates page full of open class action settlements.