St. Louis-based BJC HealthCare agreed to a class action lawsuit settlement to resolve allegations that its poor cybersecurity led to a May 2020 phishing attack that compromised sensitive patient data, Becker’s reports.
Affected patients of the data breach took legal action against BJC HealthCare, arguing the company could have prevented the data breach through reasonable cybersecurity measures.
The health system said it would spend an estimated $2.7 million to implement multifactor authentication for email access in order to reduce phishing attacks.
The final approval hearing for the settlement is scheduled for Sept. 6. Read more.
