Following a 2021 data breach that impacted 213,543 patients of Logan Health Medical Center a legal action has been submitted against the group and subsidiary, sister, and related bodies.
Submitted in the U.S. District Court for the District of Montana Great Falls Division by legal practice Heenan & Cook for plaintiff Allison Smeltz and all similarly affected individuals in relation to the supposed failure of the health group to safeguard the plaintiff’s and class members’ sensitive personal data.
The data breach in question between November 18, 2021, and November 22, 2021. It was reported by Logan Health in February 2022 after an initial examination showed that unauthorized people had been able to access its databases. Cybercriminals were able to access a single file server that was storing files which included patients’ protected health information including names, contact details, insurance claims, service times, medical invoices, and health insurance data. Logan Health said it had found nothing to indicate that there had been improper use of patient data and provided impacted individuals the chance to avail of free credit monitoring and identity protection services, and said it is currently configuring extra measures to stop similar data breaches from occurring.
The legal action submitted states that the breach was able to occur due to Logan Health not configuring “implement adequate and reasonable training of employees and/or procedures and protocols,” and alleges Logan Health and the other defendants should have been conscious that the protected health information they were storing was very attractive to cybercriminals.
The submitted action mentioned that this data breach was but one of many that have infiltrated Logan Health recently. In January 2021 Logan Health was impacted by a different breach that impacted 2,081 citizens of Montana, and a separate in 2019 tha successfully targeted 126.805 Montanans when Logan Health was branded as Kalispell Regional Healthcare.
The action alleges that this most recent infiltration was allowed to occur due to the failure to stop the data breach, victims have been impacted and will go on being impacted, such as the compromise, publication, theft and/or illegal use of their PII/PHI, out-of-pocket expenses from the prevention, discovery, recovery, and remediation from identity theft or fraud, lost opportunity costs and lost wages, and the ongoing risk to their PII/PHI from the failure of Logan Health to configure adequate security measure to stop data breaches like this happening.
The legal action refer to a number of causes of action, including negligence, invasion of privacy, breach of implied contract, unjust enrichment, and breaches of the Montana Consumer Protection Act, and claims Logan Health had did not adhere with the requirements of the Health Insurance Portability and Accountability Act (HIPAA).