Atlantic General Hospital Corporation Failed to Protect Patient Data from Hackers, Class Action Claims

New to ClassAction.org? Read our Newswire Disclaimer

A proposed class action lawsuit alleges that Atlantic General Hospital Corporation (AGH) is to blame for a January 2023 data breach that reportedly compromised the personal information of thousands of patients.

Want to stay in the loop on class actions that matter to you? Sign up for ClassAction.org’s free weekly newsletter here.

The 54-page lawsuit says that though the Maryland-based healthcare services provider first detected unusual activity in its computer systems on January 29, a subsequent investigation revealed that an unauthorized third party had gained access to the servers beginning nine days earlier. The suit relays that the private information of roughly 30,703 current and former patients was compromised in the breach, including, but not limited to, names, dates of birth, Social Security numbers, driver’s license numbers, financial account details, medical record numbers, medical history and treatment information, physician details and health insurance information.

The case argues that the “foreseeable” cyberattack was a direct result of AGH’s “inexcusable failure” to implement adequate data security measures. For one, the defendant could have entirely prevented the data breach by simply encrypting the information stored in its network, the complaint charges.

What’s more, AGH delayed notifying victims of the breach until late March, around two months after the company claims to have first discovered the unauthorized access, the filing adds. According to the lawsuit, this unreasonable delay “virtually ensured” that hackers could sell or misuse the data before victims had a chance to take action to protect their information.

By collecting, storing and benefitting from patient data, AGH had a legal obligation to safeguard the sensitive information entrusted to it, the suit shares. In addition, although AGH itself admitted after the breach that “its security practices were inadequate and ineffective,” the company has only offered victims up to two years of identity and credit monitoring services, the case states.

The plaintiff, a Maryland resident and AGH patient, received notice on March 24 informing him that his highly sensitive data had been compromised in the breach, the complaint says. Like other victims, the man now faces a lifelong risk of identity theft, fraud, phishing schemes and other illegal activity as a result of AGH’s negligence, the filing contends.

The lawsuit looks to represent anyone in the United States whose personal information was compromised in the Atlantic General Hospital Corporation data breach.

Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s free weekly newsletter here.