MU Health Faces a Lawsuit Filed by Patients Who Were Affected by a Phishing Attack on May 2019

A lawsuit was filed against the University of Missouri Health Care (MU Health) in connection with the phishing attack last April 2019.

MU Health found out on May 1, 2019 the unauthorized access of two employees’ email accounts for one week starting on April 23, 2019. The email accounts stored a number of sensitive information including names, birth dates, clinical and treatment information, medical insurance details, and Social Security numbers.

The MU Health breach investigation came to a conclusion on July 27. The provider notified the 14,400 patients affected by the breach. It’s possible that their compromised protected health information (PHI) were stolen.

One week after receiving the breach notification letter, MU Health patient Penny Houston filed the lawsuit. It is alleged in the lawsuit that the breach heightened the risk that patients would become victims of identity theft and fraud. Cybercriminals can possibly use the compromised data stored in the email accounts to file fraudulent tax returns, steal patient identities and open bank accounts under the names of patients.

Because the personal data of patients were exposed, affected individuals could potentially face problems for a long time and have to dole out money for credit monitoring and identity theft protection service fees, given that MU Health did not provide such services for free.

The lawsuit similarly claims that a percentage of the money that patients pay for healthcare services go to the cost of data security. Since the security implemented was not enough, the plaintiffs claim that MU Health was charging more than what they really ought to pay for healthcare services.

About 19 more patients have agreed to jointly file the lawsuit. The plaintiffs desire the return of the money they spent for expenses incurred because of the breach. They also would like MU Health to pay for the credit monitoring services fees of the breach victims. Additionally, the plaintiffs want more funds to be allocated by MU Health to improve its data security defenses, monitor control systems, and implement audits on systems and procedures.

Elizabeth Hernandez

Elizabeth Hernandez is the editor of HIPAA News section of HIPAA Coach and an experienced journalist in the healthcare sector. She specializes in healthcare and HIPAA compliance, making her a go-to source for information on healthcare regulations. Her work focuses on the importance of patient privacy and secure information handling. Elizabeth also has a postgraduate degree in journalism. Follow on Twitter: You can follow Elizabeth on twitter at