Ascension, one of the largest health systems in the country, is currently facing two class action lawsuits following a ransomware attack on May 8 that has caused significant disruptions to its operations. The attack, carried out by the Black Basta ransomware, led to the disconnection of Ascension’s Epic EHR system, resulting in long wait times in the emergency room at some of its 140 hospitals.
The lawsuits, filed by Katherine Negron and Ana Marie Turner, allege that Ascension failed to safeguard personal identifying information and protected health information, leading to the unauthorized disclosure of sensitive data including names, dates of birth, patient records, and Social Security numbers. The plaintiffs claim that they now face an increased risk of misuse, fraud, and identity theft as a result of the cyberattack.
Furthermore, the complaints state that Ascension did not implement adequate data security practices, making their computer network vulnerable to cyberattacks. The plaintiffs are seeking monetary damages, improvements to Ascension’s data security systems, future annual audits, and adequate credit monitoring services.
This cyberattack comes on the heels of a similar incident in February that affected Change Healthcare, a company owned by Optum and affiliated with UnitedHealthcare. The disruption caused by the ransomware attack on Change Healthcare continues to impact hospital and physician practice revenue due to delays in claims payment. UnitedHealth Group CEO Andrew Witty confirmed that the company paid a $22 million ransom in bitcoin to protect personal health information.
The lawsuits against Ascension highlight the growing threat of cyberattacks in the healthcare industry and the need for robust data security measures to protect patient information.