Another class action lawsuit accuses Chicago-based CommonSpirit Health of failing to protect patients’ personal information from a recent ransomware attack on the health system, per Becker’s.
According to the lawsuit, CommonSpirit Health “lost control” of its confidential patient data for over two weeks between mid-September and early October of last year after its computer system was accessed by an unauthorized third party.
As a result of the breach, 623,774 patients were notified that their private information was compromised during the cyberattack. Patient information compromised in the attack included names, addresses, phone numbers, dates of birth and unique IDs used within CommonSpirit Health’s system.
The lawsuit alleges that the data breach was a result of CommonSpirit’s negligence and “abject failure” to take basic cybersecurity precautions to protect the personally identifiable information and protected health information stored in its network.
This is the second lawsuit the health system has been hit with since the attack.