December 2022 Cyberattack Triggers Class Action Against Howard Memorial Hospital
Willbanks et al. v. Howard Memorial Hospital
Filed: February 8, 2023 ◆§ 4:23-cv-04009-SOH
A class action lawsuit claims Howard Memorial Hospital’s “negligent” and “careless” cybersecurity standards are to blame for a data breach reportedly discovered in December 2022.
Arkansas
A proposed class action lawsuit claims Howard Memorial Hospital’s “negligent” and “careless” cybersecurity standards are to blame for a data breach reportedly discovered in December 2022.
Want to stay in the loop on class actions that matter to you? Sign up for ClassAction.org’s free weekly newsletter here.
The 62-page lawsuit says that although the Nashville, Arkansas hospital claims to have first learned of the ransomware attack on December 4 of last year, a subsequent investigation indicated that cybercriminals may have stolen files from Howard Memorial’s computer system as early as November 14. The suit reports that the personally identifiable information compromised in the breach included, but is not limited to, patients’ names, contact information, dates of birth, Social Security numbers, health insurance details, medical record numbers (MRN), medical histories, diagnoses, treatment information and physician names.
The “foreseeable” data breach was a result of Howard Memorial’s failure to implement basic cybersecurity practices to safeguard patients’ private data against unauthorized disclosure, the case claims. Patients’ personal information was allegedly stored unencrypted in the computer network and therefore “vulnerable to cyberattack[s],” the complaint says.
In addition, the defendant purportedly failed to promptly notify victims of the breach, the filing relays. As the lawsuit tells it, though Howard Memorial claims to have detected the unauthorized activity in early December 2022, it only began sending notices to those affected by the cyberattack in late January 2023.
The suit contends that the hospital should have been well aware of the threat of cyberattacks given the collection of highly valuable information stored in its computer system—information the case argues the defendant had a legal duty to protect.
The plaintiffs, both Arkansas residents, were notified on January 27, 2023, that their private information had been compromised in the data breach, the case explains. Like other victims, the two plaintiffs now face a substantial risk of fraud, identity theft, and other misuse of their personal data, the complaint says.
As of the date the suit was filed, Howard Memorial has “done little” to alleviate the burden and stress suffered by those impacted by the breach. At any rate, the suit charges, the damage to victims “cannot be undone.”
The lawsuit looks to represent anyone whose personally identifiable information was actually or potentially compromised or obtained as a result of the December 2022 data breach.
Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s free weekly newsletter here.
Hair Relaxer Lawsuits
Women who developed ovarian or uterine cancer after using hair relaxers such as Dark & Lovely and Motions may now have an opportunity to take legal action.
Read more here: Hair Relaxer Cancer Lawsuits
How Do I Join a Class Action Lawsuit?
Did you know there's usually nothing you need to do to join, sign up for, or add your name to new class action lawsuits when they're initially filed?
Read more here: How Do I Join a Class Action Lawsuit?
Stay Current
Sign Up For
Our Newsletter
New cases and investigations, settlement deadlines, and news straight to your inbox.
Before commenting, please review our comment policy.