Lawsuit Says North Kansas City Hospital, Meritas Health Failed to Protect Data from Cyberattack Against Vendor
Jackson v. Board of Trustees of North Kansas City Hospital et al.
Filed: February 13, 2024 ◆§ 4:24-cv-00109
NKCH, Meritas Health and a third-party vendor face a class action over a 2023 data breach that affected more than 502,000 current and former patients.
Board of Trustees of North Kansas City Hospital Meritas Health Corporation Perry Johnson & Associates, Inc.
Missouri
North Kansas City Hospital (NKCH), subsidiary Meritas Health Corporation and a third-party vendor face a proposed class action over a 2023 data breach that affected more than 502,000 current and former patients.
Want to stay in the loop on class actions that matter to you? Sign up for ClassAction.org’s free weekly newsletter here.
The 31-page data breach lawsuit relays that the hospital and Meritas Health were impacted by a cyberattack that targeted defendant Perry Johnson & Associates, Inc. (PJ&A), an outside vendor that provides medical transcription services. As a result, the personal information of NKCH and Meritas Health patients was compromised when an unauthorized party gained access to PJ&A’s network between March 27 and May 2, 2023, the suit shares.
According to a notice letter PJ&A sent to victims, an investigation determined that the data potentially impacted in the breach included patients’ names, dates of birth, genders, phone numbers, addresses, health insurance information and certain clinical data. Per the notice, Social Security numbers were not affected by the incident.
Although the defendants had a legal obligation to protect the private data in their care, they negligently failed to take reasonable cybersecurity measures to safeguard the information from unauthorized disclosure, the case alleges.
What’s more, the complaint points out that despite being informed about the incident by PJ&A in July 2023, NKCH did not begin to notify victims until early January 2024.
“NKCH’s and Meritas’s failure to promptly notify [the plaintiff] and Class members that their [personally identifying information/personal health information] was accessed and stolen virtually ensured that the unauthorized third parties who exploited those security lapses could monetize, misuse, or disseminate that [data] before [the plaintiff] and Class members could take affirmative steps to protect their sensitive information,” the filing charges.
As a result of the defendants’ negligence, victims now face a substantially increased risk of identity theft and fraud at the hands of data thieves, the case claims.
The lawsuit looks to represent anyone in the United States who gave their personal data to NKCH or Meritas Health and whose information was compromised in the data breach, including those who were sent notice of the incident.
Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s free weekly newsletter here.
Video Game Addiction Lawsuits
If your child suffers from video game addiction — including Fortnite addiction or Roblox addiction — you may be able to take legal action. Gamers 18 to 22 may also qualify.
Learn more:Video Game Addiction Lawsuit
Depo-Provera Lawsuits
Anyone who received Depo-Provera or Depo-Provera SubQ injections and has been diagnosed with meningioma, a type of brain tumor, may be able to take legal action.
Read more: Depo-Provera Lawsuit
How Do I Join a Class Action Lawsuit?
Did you know there's usually nothing you need to do to join, sign up for, or add your name to new class action lawsuits when they're initially filed?
Read more here: How Do I Join a Class Action Lawsuit?
Stay Current
Sign Up For
Our Newsletter
New cases and investigations, settlement deadlines, and news straight to your inbox.
Before commenting, please review our comment policy.