Cyberattack on Los Angeles County Medical Network Leads to Lawsuit
In the first of what is expected to be a flurry of lawsuits stemming from a cyberattack against a Los Angeles County medical network, a Whittier man is suing PIH Health for failing to safeguard his confidential information from hackers who purportedly stole 17 million patient records from computer servers last month.
Background of the Cyberattack
The data breach occurred on December 1, when a ransomware attack downed information technology systems and most phone lines at PIH Health Downey Hospital, PIH Health Whittier Hospital, and PIH Health Good Samaritan Hospital in Los Angeles. The attack also compromised systems at PIH urgent care centers, doctors’ offices, and home health and hospice agencies.
Details of the Breach
The hackers claimed to have stolen about 2 terabytes of files, including 17 million confidential patient records that include home addresses, phone numbers, places of employment, and medical expenses. They also claimed to have recovered data for 8.1 million “medical episodes,” detailing patient diagnoses, test results, photos, scans, and private emails.
Lawsuit Filed by Whittier Man
Ferdinand Rivera’s lawsuit seeks unspecified damages for negligence, invasion of privacy, and other complaints arising from the breach. Rivera has purchased a credit monitoring service to guard against identity theft in the wake of the attack and is seeking compensation for the costs he may incur.
Previous Breach and Lack of Transparency
PIH Health was subjected to a previous breach in June 2019, when a targeted email phishing campaign against company employees compromised personal and protected health information for nearly 200,000 patients. However, PIH didn’t report the breach to the U.S. Health and Human Services Office for Civil Rights until seven months later.
Conclusion
The cyberattack on PIH Health highlights the importance of protecting patient data and the consequences of failing to do so. The lawsuit filed by Ferdinand Rivera is just the beginning of what is expected to be a flurry of lawsuits stemming from the breach. As the healthcare industry continues to evolve, it is crucial that medical networks prioritize the security and privacy of patient information.
FAQs
Q: What is the scope of the cyberattack?
A: The hackers claimed to have stolen about 2 terabytes of files, including 17 million confidential patient records and data for 8.1 million “medical episodes.”
Q: Has PIH Health paid a ransom to the hackers?
A: It is unknown if PIH has paid a ransom to the hackers. No known group has publicly claimed responsibility for the attack.
Q: What is the potential impact of the breach?
A: The stolen data can be used for a variety of crimes, including credit card and bank fraud. Patients who had their information compromised may be at risk of identity theft and other forms of financial fraud.
Q: What is PIH Health doing to address the breach?
A: PIH Health has restored phone services at its hospitals and is working to bring clinical applications and technologies back online. The company has not commented on the allegations in the lawsuit.
Q: What can patients do to protect themselves?
A: Patients who had their information compromised should monitor their credit reports and financial statements closely and consider purchasing a credit monitoring service. They should also be aware of any suspicious activity and report it to the appropriate authorities.
