Top Class Actions’s website and social media posts use affiliate links. If you make a purchase using such links, we may receive a commission, but it will not result in any additional charges to you. Please review our Affiliate Link Disclosure for more information.
Episcopal Health Services, a major New York hospital system, announced in late 2018 that it had become aware of a significant phishing attackon its system.
According to a statement (titled “Notice of Data Privacy Event”), the company first became aware of suspicious activity in employee email accounts on Sept. 18, 2018. This sparked an immediate investigation to determine the extent of the event and figure out what information may have been impacted.
The investigation, which involved the assistance of third-party forensic investigators, found that certain employee email accounts had been accessed by unauthorized persons for a period of just more than a month, between Aug. 28, 2018, and Oct. 5, 2018.
Unfortunately, the emails potentially impacted in the security breach contained a wide variety of information, including sensitive protected health information, such as:
- Social Security number
- Date of birth
- Financial account information
- Medical history information
- Prescription information
- Medical record number
- Treatment or diagnosis information
- Health insurance information
- Policy number
The types of information compromised varied by the individual.
In response to the incident, Episcopal Health Services said that it “is committed to, and takes very seriously, its responsibility to protect all data entrusted to us.” Therefore, the company said, it would be changing employee email log-in credentials and continuing ongoing security enhancements in order to bolster its security.
Furthermore, “in an abundance of caution,” the company said it would also notify individuals who were potentially affected and offer 12 months of complimentary credit monitoring to help them protect their personal information.
According to the hospital system, it began notifying patients on Nov. 15, 2018, but later began a second round of notifications to additional patients the hospital found were also potentially impacted. In a November 2018 report about the breach to the Department of Health and Human Services, it was reported that a total of 218,055 patient records had been breached, HealthITSecurity.com reported.
The hospital advised patients to “remain vigilant” to the potential consequences of personal information being accessed, such as identity theft and fraud. To do so, the company advised potential victims to regularly review account statements for any suspicious activity and to report any unauthorized charges to banks or credit card companies as soon as possible.
Unfortunately, ransomware attacks like this have become increasingly common in recent years. Major ransomware attacks have reportedly targeted hospitals, schools, and cities—in short, anywhere that might have large databases of personal information.
These attacks can expose the personal information of a vast swath of people at once, and in the case of hospital systems, it can cause a delay in patient care, potentially putting lives at risk, according to a CNN report.
If you were a patient at a hospital, clinic, or other healthcare facility when a medical ransomware attack affected your medical care, you may be able to join a class action lawsuit investigation.
Join a Free Hospital Ransomware Attack Class Action Lawsuit Investigation
If you were a patient at a hospital or healthcare facility affected by a ransomware attack that impacted your medical care, you may qualify to join a hospital ransomware attack class action lawsuit investigation.
This article is not legal advice. It is presented
for informational purposes only.
ATTORNEY ADVERTISING
Top Class Actions is a Proud Member of the American Bar Association
LEGAL INFORMATION IS NOT LEGAL ADVICE
Top Class Actions Legal Statement
©2008 – 2024 Top Class Actions® LLC
Various Trademarks held by their respective owners
This website is not intended for viewing or usage by European Union citizens.
2 thoughts onEpiscopal Health Services Targeted in Hospital Ransomware Attack
I still have not received anything or notice and I was affected
Hmmm.
We got a note from them.
I could not understand how they got our info.
We’ve never been to this hospital. (Too far away)
Called the number on the note.
When asked, she said this hospital was an ‘umbrella’ combining
other, major hospitals.
Like which ones?
We’ve only dealt with secular hospitals.
Hopefully, this does not result in identity theft.
The ID in question is that of a minor child.
This should be interesting.
Staying tuned.