Wilmington Surgical Associates located in North Carolina is dealing with a class suit due to a Netwalker ransomware attack that resulted in a data breach last October 2020.
In most ransomware attacks today, data files were exfiltrated before ransomware deployment. In this situation, the Netwalker ransomware gang stole 13GB of information from two administrative servers of Wilmington Surgical Associates. Some stolen data were published on the data leak site of the threat actors and anyone could access them.
The leaked data files were spread across thousands of files and had financial data associated with the practice, employee details, and patient data like photos, scanned files, lab test results, Social Security numbers, health insurance details, and other sensitive patient records.
Wilmington Surgical Associates mailed notifications to affected persons in December 2020 and informed the HHS’ Office for Civil Rights about the data breach on December 17, 2020 as impacting 114,834 people.
The Rhine Law Agency; Morgan & Morgan; and Mason Lietz & Klinger filed the lawsuit – Jewett et al. vs Wilmington Surgical Associates on February 10, 2021. The case was later taken to the US District Court for the Eastern District of North Carolina.
Allegedly, plaintiffs Katherine Teal, Sherry Bordeaux, and Philip Jewett claim that their sensitive personal and health information is currently in the possession of cybercriminals, which puts them at a heightened risk of identity theft and fraud and other damages like the bringing down of credit scores and getting increased interest rates. The plaintiffs additionally assert they have experienced ascertainable losses due to the security incident when it comes to out-of-pocket expenditures and time expended remediating the impact of the data breach.
The lawsuit claims Wilmington Surgical Associates was at fault for not being able to adequately protect patient information when it was notified regarding the increased risk of ransomware attacks. Additionally, it is alleged that the North Carolina healthcare organization did not sufficiently check its systems for network attacks and failed to give quick breach notices to patients and enough data on the types of data exposed in the attack.
The plaintiffs desire compensation of their out-of-pocket costs, compensation for time used up handling the aftereffects of the breach, compensation, injunctive assistance, and enough credit monitoring services for affected persons. The lawsuit likewise demands the courts to command Wilmington Surgical Associates to boost data security and go through annual security audits.