Wilmington Surgical Associates based in North Carolina is confronting a class action lawsuit in association with a Netwalker ransomware attack that caused a data breach in October 2020.
In the majority of ransomware attacks these days, files were exfiltrated just before deploying the ransomware. In this instance, the Netwalker ransomware group stole 13GB of information from two management servers of Wilmington Surgical Associates. Certain stolen data were posted on the data leak website of the threat actors and everyone can access them.
The leaked data files was distributed across countless files and contained financial details connected to the practice, staff data, and patient data including images, scanned records, laboratory test data, Social Security numbers, medical insurance data, and other sensitive patient data.
Wilmington Surgical Associates provided notifications to impacted persons in December 2020 and gave notice to the HHS’ Office for Civil Rights about the data breach on December 17, 2020 as having an effect on 114,834 people.
The Rhine Law Company; Morgan & Morgan; and Mason Lietz & Klinger submitted the legal action – Jewett et al. versus Wilmington Surgical Associates on February 10, 2021. The lawsuit was fairly recently taken to the US District Court for the Eastern District of North Carolina.
Allegedly, plaintiffs Sherry Bordeaux Katherine Teal, and Philip Jewett assert that their sensitive personal and health information is at this time in the control of cybercriminals, which puts them at an increased danger of identity theft and fraudulence as well as other damages for instance the reduction of credit scores and getting greater interest rates. The plaintiffs furthermore claim they have sustained ascertainable losses because of the security breach with regards to out-of-pocket expenditures and time used up remediating the consequences of the data breach.
The lawsuit states Wilmington Surgical Associates was responsible for its inability to properly secure patient information when it was informed concerning the higher risk of ransomware attacks. Furthermore, it is claimed that the North Carolina healthcare company didn’t thoroughly watch its systems for network infiltrations and failed to deliver prompt breach notices to patients and ample details on the types of data affected in the attack.
The plaintiffs want repayment of their out-of-pocket costs, payment for time expended addressing the impact of the breach, indemnification, injunctive help, and sufficient credit monitoring services for affected individuals. The lawsuit at the same time calls for the courts to mandate Wilmington Surgical Associates to strengthen data security and undertake yearly security checks.