Lawsuit Says North Kansas City Hospital, Meritas Health Failed to Protect Data from Cyberattack Against Vendor
Jackson v. Board of Trustees of North Kansas City Hospital et al.
Filed: February 13, 2024 ◆§ 4:24-cv-00109
NKCH, Meritas Health and a third-party vendor face a class action over a 2023 data breach that affected more than 502,000 current and former patients.
Board of Trustees of North Kansas City Hospital Meritas Health Corporation Perry Johnson & Associates, Inc.
Missouri
North Kansas City Hospital (NKCH), subsidiary Meritas Health Corporation and a third-party vendor face a proposed class action over a 2023 data breach that affected more than 502,000 current and former patients.
Want to stay in the loop on class actions that matter to you? Sign up for ClassAction.org’s free weekly newsletter here.
The 31-page data breach lawsuit relays that the hospital and Meritas Health were impacted by a cyberattack that targeted defendant Perry Johnson & Associates, Inc. (PJ&A), an outside vendor that provides medical transcription services. As a result, the personal information of NKCH and Meritas Health patients was compromised when an unauthorized party gained access to PJ&A’s network between March 27 and May 2, 2023, the suit shares.
According to a notice letter PJ&A sent to victims, an investigation determined that the data potentially impacted in the breach included patients’ names, dates of birth, genders, phone numbers, addresses, health insurance information and certain clinical data. Per the notice, Social Security numbers were not affected by the incident.
Although the defendants had a legal obligation to protect the private data in their care, they negligently failed to take reasonable cybersecurity measures to safeguard the information from unauthorized disclosure, the case alleges.
What’s more, the complaint points out that despite being informed about the incident by PJ&A in July 2023, NKCH did not begin to notify victims until early January 2024.
“NKCH’s and Meritas’s failure to promptly notify [the plaintiff] and Class members that their [personally identifying information/personal health information] was accessed and stolen virtually ensured that the unauthorized third parties who exploited those security lapses could monetize, misuse, or disseminate that [data] before [the plaintiff] and Class members could take affirmative steps to protect their sensitive information,” the filing charges.
As a result of the defendants’ negligence, victims now face a substantially increased risk of identity theft and fraud at the hands of data thieves, the case claims.
The lawsuit looks to represent anyone in the United States who gave their personal data to NKCH or Meritas Health and whose information was compromised in the data breach, including those who were sent notice of the incident.
Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s free weekly newsletter here.
Hair Relaxer Lawsuits
Women who developed ovarian or uterine cancer after using hair relaxers such as Dark & Lovely and Motions may now have an opportunity to take legal action.
Read more here: Hair Relaxer Cancer Lawsuits
How Do I Join a Class Action Lawsuit?
Did you know there's usually nothing you need to do to join, sign up for, or add your name to new class action lawsuits when they're initially filed?
Read more here: How Do I Join a Class Action Lawsuit?
Stay Current
Sign Up For
Our Newsletter
New cases and investigations, settlement deadlines, and news straight to your inbox.
Before commenting, please review our comment policy.