in Newswire Published on January 28, 2020

Tidelands Health Facing Class Action After Patient Records Were ‘Held Hostage’ in December 2019 Malware Attack

Kersey et al. v. Georgetown Hospital System

Filed: January 21, 2020 ◆§ 2:20-cv-00208

The company that runs the Tidelands Health hospital network has been hit with a proposed class action in the wake of a December 2019 ransomware attack that reportedly exposed patients’ sensitive data to unauthorized parties.

Defendant(s)

Georgetown Hospital System Tidelands Health

Law(s)

State(s)

South Carolina

Categories

Medical/Health Privacy Data Breach

Filed against Georgetown Hospital System, the case says that a security incident on December 12, 2019 caused portions of the company’s IT network to be taken offline for multiple days while patients’ sensitive data was held for ransom by thieves. The 43-page complaint claims Tidelands Health failed to adequately protect patients’ personal information from the malware attack, during which names, demographic information, dates of birth, Social Security numbers, driver’s license numbers, employment information, health insurance details, and other protected health data were reportedly compromised.

During the attack, which lasted through December 19, doctors, nurses, and other hospital staff had no access to patients’ medical records, scheduled appointments or diagnostic tests, and were forced to use “downtime procedures”—or, paper records—to continue patients’ medical care, the case states. The two plaintiffs claim their damage was two-fold in that they were denied proper medical care during that time and were subjected to a higher risk of identity theft due to the alleged exposure of their private information.

The lawsuit argues that Tidelands has done “absolutely nothing” to compensate proposed class members for the damages they suffered as a result of the ransomware attack. As of the date the complaint was filed, the defendant had not reported the incident as a data breach nor announced the results of its investigation into the attack, the suit says. According to the case, Tidelands’ only public mention of the incident was a Facebook post in which the company reported that it was bringing its systems back online.

The plaintiffs claim Tidelands maintained their data in a “reckless manner,” adding that the company’s “inadequate” security procedures and employee training have exposed their sensitive information to an ongoing risk of identity theft and fraud that will require their time and attention for years to come. From the complaint:

“There is a strong probability that entire batches of stolen information have been dumped on the black market and are yet to be dumped on the black market, meaning Plaintiffs and Class Members are at an increased risk of fraud and identity theft for many years into the future. Thus, Plaintiffs and Class Members must vigilantly monitor their financial and medical accounts for many years to come.”

The lawsuit seeks to cover anyone whose private information was maintained on the defendant’s system during the time of the December 2019 malware attack.

Case Spotlight

Hair Relaxer Lawsuits

Women who developed ovarian or uterine cancer after using hair relaxers such as Dark & Lovely and Motions may now have an opportunity to take legal action.

Read more here: Hair Relaxer Cancer Lawsuits

How Do I Join a Class Action Lawsuit?

Did you know there's usually nothing you need to do to join, sign up for, or add your name to new class action lawsuits when they're initially filed?

Read more here: How Do I Join a Class Action Lawsuit?