A Seattle-based healthcare supplier is going through a category motion lawsuit over a cyber-attack through which the protected well being info of 688,000 folks was uncovered.
The exfiltration of information from Sea Mar Group Well being Facilities turned obvious when recordsdata stolen within the assault confirmed up on the darkish information leak web site of cyber-criminal gang Marketo.
Marketo claimed to have stolen 3TB of information from Sea Mar. Databreaches.internet noticed the leaked recordsdata in June 2021 and reported them to Sea Mar. The healthcare supplier waited till October 2021 to inform impacted people by way of letter.
Sea Mar mentioned hackers had gained entry to its community between December 2020 and March 2021. The cyber-criminals exploited that entry to exfiltrate delicate information, together with names, dates of delivery, well being info, addresses and Social Safety numbers.
In October 2021, the incident was reported to the HHS’ Workplace for Civil Rights as an information breach impacting 688,000 present and former sufferers.
On February 16, Alan Corridor, from Bellingham, Washington, filed a lawsuit in opposition to Sear Mar on behalf of himself and others impacted by the information breach. In it, the plaintiff accused the healthcare supplier of negligence and alleged that Sea Mar did not implement enough and cheap cybersecurity procedures and protocols to guard affected person and worker info.
Sea Mar is additional accused of caring for delicate affected person information “in a reckless method.”
Corridor alleges that Sea Mar knew that its pc programs and safety practices have been insufficient however did not disclose this info. He additional accuses Sea Mar of improper monitoring of its community for intrusions.
The go well with alleges that “on account of the Knowledge Breach, Plaintiff and greater than 650,000 Class Members suffered harm and ascertainable losses within the type of the current and imminent menace of fraud and id theft, lack of the advantage of their discount, out-of-pocket bills and the worth of their time moderately incurred to treatment or mitigate the consequences of the assault, and the lack of worth of their private info.”
Corridor is in search of compensatory damages, nominal damages, reimbursement of out-of-pocket prices and injunctive aid, together with enhancements to Sea Mar’s information safety programs and future annual audits