Following the recent Ascension ransomware attack, legal challenges are mounting for the healthcare giant. Just days after the cyberattack disrupted operations across its extensive network of 140 hospitals, Ascension is facing two proposed class-action lawsuits. The lawsuits, filed in the District Courts of Illinois and Texas, allege negligence on Ascension's part, citing the failure to encrypt patient data as a critical oversight. This, plaintiffs argue, has exposed them to the risk of identity theft for years to come, following the Ascension cyberattack that forced the diversion of ambulances and the suspension of elective care services.

Class-Action Lawsuit Arises from Ascension Ransomware Attack

While Ascension has not confirmed any compromise of patient data, investigations are ongoing. Plaintiffs contend that had proper encryption measures been in place, data stolen by the cybercriminal group Black Basta would have been rendered useless, highlighting the negligence they claim Ascension displayed. We are conducting a thorough investigation of the incident with the support of leading cybersecurity experts and law enforcement," an Ascension spokesperson stated. "If we determine sensitive data was potentially exfiltrated or accessed, we will notify and support the affected individuals in accordance with all relevant regulatory and legal obligations”, reported Healthcare Dive on Thursday. The lawsuits, filed shortly after the Ascension ransomware attack, target the healthcare provider's alleged failure to implement adequate cybersecurity measures, a move plaintiffs argue could have prevented the incident. Both cases, represented by the same legal counsel, highlight the harm suffered by patients due to the exposure of their private information, which they assert was foreseeable and preventable.

Ascension Lawsuit and Mitigation Tactics

Despite ongoing investigations and assurances of cooperation with authorities, Ascension has yet to disclose whether patients' sensitive information was compromised during the cyber incident.  “Ascension continues to make progress towards restoration and recovery following the recent ransomware attack. We continue to work with industry leading forensic experts from Mandiant to conduct our investigation into this attack and understand the root cause and how this incident occurred”, stated Ascension on its Cybersecurity Event Update page.  In parallel, additional cybersecurity experts from Palo Alto Networks Unit 42 and CYPFER have been brought in to supplement the rebuilding and restoration efforts. The focus is on safely and swiftly bringing systems back online. “We are also working on reconnecting with our vendors with the help of our recovery experts. Please be aware that it may still take some time to return to normal operations”, added Ascension.  The Catholic health system, which spans 140 hospitals and 40 senior living facilities nationwide, employs a workforce of approximately 132,000 individuals. Despite the financial strain imposed by the Ascension ransomware attack, industry analysts note Ascension's robust liquidity and leverage position, offering a significant rating cushion against such one-off events. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

A class action lawsuit has been filed against J.P. Morgan Chase & Co., alleging that the financial giant failed to implement adequate security measures, leading to the exposure of sensitive personal data of its clients. Benjamin Valentine, a former employee of the Long Island Railroad, filed a complaint alleging that his personal information was improperly obtained in a recent J P Morgan data breach that compromised the accounts of thousands of users.

J P Morgan Data Breach Compromised Thousands of Users

[caption id="attachment_67262" align="alignnone" width="971"] Source: Chase[/caption] According to documents filed in the U.S. District Court for the Southern District of New York on May 3, Valentine's case is detailed in a Class Action Complaint (Case 1:24-cv-03438-JLR). The lawsuit contends that J.P. Morgan, a significant player in the financial industry offering a wide array of services to millions of customers, failed to adequately safeguard the personal information of its clients' employees, resulting in substantial harm. Valentine's complaint outlines how J.P. Morgan collected and maintained sensitive personally identifiable information (PII) of its clients' employees, including names, addresses, payment details, and Social Security numbers. This information, crucial for financial transactions and security, was compromised in the J P Morgan data breach and fell into the hands of cybercriminals. The lawsuit asserts that as a consequence of the breach, Valentine and approximately 451,000 other affected individuals suffered tangible damages, including invasion of privacy, identity theft, and the loss of trust and value in their personal information. Moreover, the breach exposed them to ongoing risks of fraud and further misuse of their data.

The Legal Action on J P Morgan

The legal action further alleges that J.P. Morgan's failure to implement adequate cybersecurity measures and its reckless handling of sensitive data contributed directly to the breach. Despite claims by J.P. Morgan that the breach was not the result of a cyberattack, the lawsuit argues that the company's negligence made it a target for such malicious activities. Valentine's complaint highlights J.P. Morgan's purported lack of transparency and timely notification regarding the breach, leaving affected individuals uninformed about the root cause and remedial actions taken. This, the lawsuit claims, exacerbates the emotional and financial distress experienced by victims. The Cyber Express has reached out to the organization to learn more about this J P Morgan data leak. However, J.P. Morgan has not provided an official statement regarding the cyber incident. Following the incident, a regulatory filing revealed that the breach stemmed from a software issue, which the company addressed promptly upon discovery. Valentine seeks various forms of relief through the lawsuit, including compensation for damages, injunctive relief, and reimbursement of legal fees. He is represented by the law firm Milberg Coleman Bryson Phillips Grossman LLC, based in Garden City, New York. As the legal proceedings unfold, The Cyber Express will be closely monitoring the situation and we’ll update this post once we have more information on the data breach or any new updates about the lawsuit.   Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

Ernest Health, a US-based healthcare system, faces lawsuits after a cyberattack compromised the data of around 94,747 patients. The Ernest Health data breach, detected on February 1, 2024, involved unauthorized access to its networks from January 16 to February 4, 2024. The LockBit ransomware group claimed responsibility and threatened to release stolen information, including patient names, contact details, health data, and Social Security numbers. LockBit, notorious for its ransomware-as-a-service operations, reemerged online mere days after a global police crackdown aimed to capture its operation. Following this Ernest Health cyberattack, the healthcare provider was compelled to file a notice of data breach with the Attorney General of Massachusetts upon discovering unauthorized access to its IT network, including the networks of its hospitals.  This breach led to the exposure of sensitive patient information, encompassing details like names, Social Security numbers, addresses, medical records, and more.

Ernest Health Data Breach Turns Into Class Action Lawsuit

Following an extensive investigation, Ernest Health commenced a process of notifying affected individuals about the breach, ensuring transparency about the compromised data. In response to the Ernest Health data breach, plaintiffs Joe Lara and Laurie Cook have initiated a class-action lawsuit against Ernest Health.  Alleging negligence in safeguarding highly sensitive data, the lawsuit highlights Ernest Health's failure to adequately train employees on cybersecurity measures and maintain sufficient security protocols, leaving patient information vulnerable to cybercriminals. The lawsuit, filed in the United States District Court, Northern District of Texas, contends that Ernest Health's actions not only breached its duty to protect patient data but also violated state and federal laws governing data protection and breach notifications. Plaintiffs Lara and Cook, representing the class of over one hundred current and former patients affected by the breach, argue that Ernest Health's delayed notification deprived them of the opportunity to mitigate potential damages promptly. The exposed information places them at risk of identity theft and other harms, necessitating legal recourse to address the Ernest Health data breach and its repercussions.

Decoding the Ernest Health Class Action Lawsuit 

The Ernest Health class action lawsuit outlines various causes of action, including negligence, negligence per se under the FTC Act and HIPAA, and breach of implied contract, emphasizing Ernest Health's failure to fulfill its obligations in protecting patient information and mitigating damages resulting from the breach. In seeking relief, the plaintiffs and class members are pursuing certification of the case as a class action, along with declaratory and equitable relief, damages, coverage for attorneys' fees and costs, and other appropriate remedies deemed necessary by the court. With demands for a jury trial and a comprehensive legal strategy in place, plaintiffs aim to hold Ernest Health accountable for its role in the data breach and secure justice for those affected by the cyberattack. As the case unfolds, the Ernest Health lawsuit highlights the growing threat posed by cyberattacks on healthcare institutions. In a similar case, the recent cyberattack Change Healthcare is going to result in expenses of $1.6 billion this year.  Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.