Lawsuit alleges hospital intentionally hid weak data systems, failed to protect patient data
A lawsuit alleges Frederick Health Hospital intentionally omitted that its data systems were vulnerable to attacks, failed to protect patient data from cyber criminals and didn't properly notify those impacted by a ransomware attack on the hospital in January.
The lawsuit was filed on March 4 on behalf of two current patients, Ernest Farkas and Joseph Klingman, as well as any other patients affected by the ransomware attack.
Klingman declined to comment for this story. Farkas could not be reached for comment.
Raina Borrelli of Strauss Borrelli PLLC of Chicago, Illinois, an attorney representing the patients, declined to comment Wednesday on the lawsuit.
On Jan. 27, an unauthorized person accessed patients' personal data — which may have included names, Social Security numbers, birthdays, health insurance information and drivers' license numbers.
FHH on Feb. 6 began notifying people affected by the attack, according to the lawsuit.
The two patients named in the complaint have both experienced 'anxiety, sleep disruption, stress, fear, and frustration' due to a 'substantially increased risk of fraud, misuse, and identity theft,' the lawsuit says.
Although the total number of people impacted isn't known, the lawsuit alleges that over 100 people — potentially hundreds — were affected.
The complaint alleges that FHH failed to implement industry-standard cybersecurity measures and intentionally hid from patients that its data systems could be attacked and personal information could be accessed.
Due to FHH's 'unfair and deceptive acts and practices,' the lawsuit said, the patients affected will 'continue to suffer injury, ascertainable losses of money or property, and monetary and non-monetary damages, including from fraud and identity theft; time and expenses related to monitoring their financial accounts for fraudulent activity; an increased, imminent risk of fraud and identity theft; and loss of value' of their personal information.
FHH spokesperson Josh Faust said in a statement on March 28 that the hospital confirms it is the subject of a lawsuit related to the ransomware attack in January, but FHH can't comment on the specifics of ongoing legal proceedings.
FHH wants to 'assure our patients and the community that we take this matter seriously, and we are fully committed to resolving this issue responsibly and with integrity,' he said.
On March 28, FHH sent out letters to patients and staff who have been or may be impacted by the ransomware attack.
These letters include instructions of what people should do if they were affected by the attack. Tom Kleinhanzl, FHH's president and CEO, said FHH is offering people free identity theft protection and credit monitoring.
At the time the lawsuit was filed, it alleged, the hospital wasn't offering those services.
The complaint calls for a jury trial and asks for an unspecified monetary amount over $100,000 to be paid to the people affected.
FHH has until May 9 to respond.
Inadequate security measures, notices
Kleinhanzl said in an interview on March 27 that during the data breach, an unauthorized person accessed documents in a shared drive, which he described as an electronic storage closet for historical documents.
FHH's electronic medical records system, patient portal and emails were not accessed in the attack, but the company took its systems offline proactively.
The lawsuit said it is not known how long the unauthorized person had access to FHH's data network before the ransomware attack happened.
It also alleges that there are log-in credentials for Frederick Health employees on the 'Dark Web,' which cyber criminals may have used to access the company's systems if those credentials weren't reset.
The complaint alleges that FHH didn't adequately train its employees on cybersecurity and didn't have proper safeguards and security protocols in place to protect patients' personal and protected health data.
It also claims that because FHH waited to begin notifying people about the data breach, it deprived patients the earliest possible opportunity to start mitigating any suspicious activity or 'injuries' from their data being compromised.
Some of the damages the lawsuit claims people impacted by the attack may experience include:
* 'Compromise and continuing publication' of their personal information
* Out-of-pocket costs to try to prevent identify theft and fraud
* Delay in receiving tax refunds
People with access to the stolen information could use it to access patients' bank accounts, hack online accounts and commit identify fraud to open bank accounts without the patients knowing.
With a recent increase in the number of cyber attacks and data breaches — which hospitals are a popular target for — FHH should've known of the risk of a data breach and been prepared to stop one, the lawsuit said.
The suit also assumes that the compromised data has been or will soon be published to the Dark Web.
The lawsuit also claims that FHH violated federal laws restricting the release of medical information, as well as intentionally deceived patients by suppressing the fact its data systems were vulnerable to attacks and that the company didn't comply with consumer protection regulations.
If FHH had told patients its data systems weren't secure, the company 'would have been unable to continue in business and it would have been forced to adopt reasonable data security measures and comply with the law,' the complaint said.
The suit alleges FHH 'acted intentionally, knowingly, maliciously, and recklessly disregarded' patients' rights.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Yahoo
7 hours ago
- Yahoo
Data breach at Missouri Department of Conservation exposed employees' personal information
KANSAS CITY, Mo. — The Missouri Department of Conservation (MDC) said Friday that its employees' personal information was leaked in a data breach earlier this year. In February of this year, the MDC said its cybersecurity team notified it of unauthorized access to one of its servers. City of Leavenworth files new lawsuit against CoreCivic after judge throws out previous suit At first, the department said no personal information had been compromised in the data breach. However, in April, the MDC determined that some files had been impacted by the breach. Specifically, the department has determined that current and former beneficiaries of the MDC's health benefits plan may have been impacted. However, the MDC cannot confirm exactly what data has been affected for each of the impacted individuals. The information involved may have included contact information (i.e., name, address, date of birth, phone number and email) and one or more of the following: Health benefits plan enrollment information Other personal information, such as Social Security numbers, driver's license numbers or state ID numbers. The department said it's continuing to investigate with the help of law enforcement. In the meantime, the MDC said individuals can take the following steps to protect themselves: Monitor any benefits statements received from health care providers, as well as bank and credit card statements, credit reports and other similar documents for any unfamiliar activity. Contact your medical provider or health plan if you identify health care services that you did not receive on your benefits statement. Contact your financial institution, credit card company or other applicable agency if you notice any suspicious activity on bank or credit card statements or on tax returns. Contact local law enforcement authorities if you believe that you are a victim of a crime. The department said it has implemented additional safeguards in addition to the IT security policies and procedures already in effect. Missouri counties denied state aid for tornado damage The MDC said it's in the process of providing direct, written notification to potentially impacted individuals. The department said it has also provided substitute notification on its website for potentially impacted individuals who may not have sufficient address information on file with the department. 'MDC regrets the inconvenience and concern that this incident may have caused to our team, retirees, and current or former beneficiaries of our health benefits plan,' the department said in a news release. The MDC said it will provide complimentary credit monitoring services to impacted individuals who are concerned their information may have been compromised. More information about complimentary credit monitoring services will be provided in the coming weeks, the department said. Those who believe they have been affected by this data breach can contact the MDC toll-free at 800-392-3111 or PrivacySupport@ Copyright 2025 Nexstar Media, Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.
Yahoo
10 hours ago
- Yahoo
Bradford Health Services discloses data breach
BIRMINGHAM, Ala. (WIAT) — Bradford Health Services is warning current and former employees and patients that their personal information may have been impacted by a data breach. The breach was initially detected back in December 2023. An investigation into the breach, which concluded on May 15, 2025, determined personal and protected health information could have been accessed during the breach. 'I screamed': Woman, toddler suffer 3rd-degree burns from charcoal buried on beach Information that may have been accessed includes the following: names, driver's license numbers, dates of birth, medical information, health insurance information, financial account numbers, passport numbers, payment card numbers plus a means of access to the account, and/or Social Security numbers. However, Bradford Health, in a news release, stated there is no evidence any information has been misused. For those interested in contacting the health service or knowing more about how to protect your information visit here. Bradford Health provides treatment for drug and alcohol addiction and operates 10 treatment facilities across the state. Copyright 2025 Nexstar Media, Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.
Yahoo
11 hours ago
- Yahoo
Veterans' protests planned for D-Day latest in nearly 250 years of fighting for their benefits
Veterans across the United States will gather on June 6, 2025, to protest the Trump administration's cuts to the Department of Veterans Affairs, as well as the slashing of staff and programs throughout the government. Veteran-led protests will be held at the National Mall, 16 state capitol buildings and over 100 other venues across 43 states. Veterans are disproportionately affected by federal cuts, in part because they make up only 6.1% of the U.S. population but, because of 'veterans preference' in federal hiring, they compose 24% of the 3 million federal workers facing mass layoffs under the Trump administration. Veterans also depend on comprehensive, free, federally funded health care through VA clinics throughout the country. But that care is deteriorating due to cuts, rule changes and return-to-work policies that make it impossible for many VA workers to effectively provide care. Looming cuts to the VA may cause an irreversible blow if the VA stops providing comprehensive care to veterans and, instead, pushes veterans into seeing doctors in private practice. This is not the first time that veterans have engaged in mass mobilization. Veterans groups in the U.S. have successfully mobilized for centuries, crossing traditional political divisions such as race, class and gender. They are powerful messengers, and their actions in the past have helped secure back pay and pensions for veterans, a Social Security and welfare system for U.S. civilians, and foreign policy changes to end wars abroad. I'm a scholar of law, social movements and veterans benefits. Here's a brief history of veterans' campaigns that illustrates how veterans developed their political clout and effectively advocated to protect themselves, and many others, from harmful federal policies. Veterans were not always politically popular, nor were they treated well by the federal government. After the Revolutionary War ended in 1783, Gen. George Washington lobbied Congress to offer lifetime half-pay to officers who served until the end of the war. Given the federal government's financial precariousness at the end of the war, this effort failed. Veterans were unable to successfully mobilize to advocate for the pensions, given their small numbers and internal divisions between more privileged officers and less privileged soldiers. During the Civil War, Congress passed numerous laws designed to support veterans. The 1862 pension law allocated payouts in proportion to a soldier's permanent bodily injury or disability caused by their service. The benefits were generous in comparison with prior allocations, and more veterans began applying for them. Yet, by 1875 only 6.5% of veterans had signed up for pensions. Veterans began to organize to increase awareness about these benefits and to lobby for more. The Grand Army of the Republic became a leading veterans organization that demanded better pension and disability benefits. At the end of the 1800s, earning veterans' votes became a priority for aspiring politicians. The Grand Army of the Republic directly lobbied Congress to pass bills expanding veterans pensions, one of which Democratic President Grover Cleveland vetoed in 1887. The organization then successfully mobilized its members to vote against Cleveland in the 1888 election, securing victory for presidential candidate William Henry Harrison and for Republicans in both houses of Congress. This secured the 1890 Arrears Act, which expanded veterans' pensions and disability payments. By the turn of the 19th century, over 40% of federal expenditures went to veterans. As more veterans returned in 1898 from fighting in the Spanish-American War, and with a huge influx of veterans 20 years later from World War I, veterans mobilized to streamline and expand pension and disability benefits. In the 1920s, the two most prominent veterans organizations, the American Legion and Veterans of Foreign Wars, or VFW, formed a national legislative committee dedicated to lobbying for improved benefits. Each group boasted thousands of members whom they could call on to 'barrage'– a veterans term – congressmen with letters. By 1929, even as the federal budget ballooned, veterans benefits still represented 20% of the total federal budget. The 1924 'Bonus Act,' which Congress passed after overruling Calvin Coolidge's presidential veto, offered WWI veterans a deferred 'bonus' payment available in 1945. But veterans suffered immensely in the Great Depression, along with the rest of the country. Veterans tried a new campaign tactic in 1932, creating the 'Bonus Expeditionary Forces,' or 'Bonus Army,' march on Washington, D.C., to demand their promised pay be delivered sooner. Over the course of three months, from May through July 1932, 40,000 veterans set up encampments throughout the city. During their stay, they crowded congressional galleries and plazas during debates on the bill. When President Herbert Hoover called on the military to disband the encampments, he set himself up for electoral defeat later that year. It took another four years for Congress to pass a law offering an immediate payout, but the veterans got their bonuses in 1936, not 1945. Building from public support bolstered by the Bonus Army march, veterans fought publicly to protect their benefits in the Great Depression. In 1933, President Franklin Delano Roosevelt sought to cut veterans' benefits to help finance other relief programs during the Depression, but veterans successfully lobbied Congress to rescind the cuts. A 1933 VFW encampment in Milwaukee attracted 10,000 veterans who openly decried Roosevelt's economic policies. The event featured left-wing Louisiana populist Sen. Huey P. Long and former Marine turned anti-Wall Street populist Smedley Butler. The U.S. entered World War II in December 1941. To avoid another spectacle, FDR began developing a compensation program for World War II veterans even before the war's end. During debates about these expenditures, veterans activism helped ensure the generous educational, housing and vocational benefits from the so-called GI Bill developed by FDR, and the soldier vote helped secure FDR's fourth-term election in 1944. Scholars credit the GI Bill with creating a booming U.S. economy from the 1950s through the 1970s and creating the contemporary middle class, an economic and social group now shrinking and under threat. After World War II, veterans' mobilization expanded from a focus on benefits to foreign policy. Most famously, after its founding in 1967, Vietnam Veterans Against the War engaged in street theater and gathered testimonies about U.S. military abuses to condemn the U.S. government for violence against the Vietnamese. Vietnam Veterans Against the War helped organized a four-day protest in 1971 in Washington, D.C., including camping on the National Mall. The organization continued to mobilize in more traditional ways, drafting congressional legislation for benefits and promoting investment in psychological support for Vietnam veterans. Veterans have continued to protest wars, particularly the Iraq War, engaging in street protests and also through mainstream politics such as elections and television advertising. Given their experiences, veterans today know what they are standing up for on June 6: their own freedom and prosperity, as well as the country's and the world's. This article is republished from The Conversation, a nonprofit, independent news organization bringing you facts and trustworthy analysis to help you make sense of our complex world. It was written by: Jamie Rowen, UMass Amherst Read more: 5 reasons veterans are especially hard-hit by federal cuts Peace advocates have long been found among veterans who fought in America's wars Military veterans are disproportionately affected by suicide, but targeted prevention can help reverse the tide Jamie Rowen receives funding from National Science Foundation.
