Updated: Lawsuit alleges cybersecurity failures by hospital; Social Security numbers among compromised data
A lawsuit filed against Frederick Health alleges the company kept secret its "inadequate" cybersecurity measures prior to a ransomware attack in January resulting in compromised personal information for at least 100 people.
The lawsuit, filed March 4, also alleges Frederick Health "deprived [people] of the chance to mitigate their injuries" by failing to notify them of the data breach until Feb. 6 — 10 days after the attack on Jan. 27.
'Frederick Health can confirm that it is the subject of a suit pertaining to the cyber event that occurred earlier this year. While we cannot comment on the specifics of the ongoing legal proceedings at this time, we want to assure our patients and the community that we take this matter seriously, and we are fully committed to resolving this issue responsibly and with integrity," a statement by FHH spokesperson Josh Faust said on Friday. "Frederick Health and our legal team are cooperating with officials to review the claim. Our priority remains to positively impact the well-being of every individual in the community and to continue to protect and safeguard the security of our systems and the information we maintain.'
He declined to comment further.
On Jan. 27, FHH identified a ransomware attack. Tom Kleinhanzl, the hospital's president and CEO, said an unauthorized person gained access to and copied documents from a shared drive, which he described as an electronic storage closet for important historical information.
The documents contained information such as patients' names, Social Security numbers, birthdays and addresses.
He said FHH's electronic medical records system, patient portal and emails were not accessed in the attack. The hospital still took the rest of its systems offline proactively as a precaution.
The lawsuit was filed on behalf of two "customers" of Frederick Health, as well as any others affected by the ransomware attack, according to court documents.
Frederick Health has been unable to determine the full extent of the data breach, the suit alleges.
The stolen information is "one of the most valuable commodities on the criminal information black market," the suit says. The information's presence on the "dark web" could result in financial harm for Frederick Health customers, as well as their identities being stolen.
Frederick Health's failure to implement "reasonable and appropriate" cybersecurity measures violated federal consumer protection laws, the suit alleges.
The suit also alleges that Frederick Health "had notice and knew that its inadequate cybersecurity practices would cause injury" to the hospital's customers. Frederick Health deliberately omitted and suppressed the fact that it did not comply with regulations regarding consumer protection, the suit further alleges.
Frederick Health "would have been unable to continue in business and it would have been forced to adopt reasonable data security measures and comply with the law" had it disclosed its vulnerabilities to its customers, the suit alleges.
The suit calls for a jury trial and asks for unspecified monetary and other damages to be paid to those affected.
FHH sends letters
Frederick Health Hospital sent out letters Friday to patients and staff who have been or may be impacted by the ransomware attack.
Kleinhanzl said the letters include instructions for what people should do if they've been impacted. He also said FHH is offering these people free identity theft protection and credit monitoring.
Right after the attack happened, the hospital was diverting ambulances to take patients to other emergency departments.
For several weeks, staff members were using "downtime procedures" and recorded everything on paper since they couldn't use electronic systems.
FHH slowly brought its systems back online over several weeks, with its electronic medical records system being restored on Feb. 18. The hospital announced on March 4 that its patient portal was back up.
Kleinhanzl said he could not comment further on the unauthorized person, the investigation into the attack and what law enforcement agency is working with FHH due to active litigation.
The FBI told The Frederick News-Post on Feb. 4 that it can neither confirm nor deny it is investigating the ransomware attack at FHH.
Kleinhanzl said a "substantial number" of notification letters are being sent out to current and former patients and staff, but he declined to comment on how many letters were being delivered.
Due to the personal information that is in the shared drive, "that's why we felt compelled to be very broad in the distribution of this notification," he said.
He also said the hospital will continually evaluate and modify its security and privacy practices to protect people's information and still has extensive security measures in place.
"We take our role seriously, very seriously, in this community of doing everything we possibly can to protect information, and we want to make sure we're doing right by everyone we can to give an option of protection," Kleinhanzl said.
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Yahoo
7 hours ago
- Yahoo
Data breach at Missouri Department of Conservation exposed employees' personal information
KANSAS CITY, Mo. — The Missouri Department of Conservation (MDC) said Friday that its employees' personal information was leaked in a data breach earlier this year. In February of this year, the MDC said its cybersecurity team notified it of unauthorized access to one of its servers. City of Leavenworth files new lawsuit against CoreCivic after judge throws out previous suit At first, the department said no personal information had been compromised in the data breach. However, in April, the MDC determined that some files had been impacted by the breach. Specifically, the department has determined that current and former beneficiaries of the MDC's health benefits plan may have been impacted. However, the MDC cannot confirm exactly what data has been affected for each of the impacted individuals. The information involved may have included contact information (i.e., name, address, date of birth, phone number and email) and one or more of the following: Health benefits plan enrollment information Other personal information, such as Social Security numbers, driver's license numbers or state ID numbers. The department said it's continuing to investigate with the help of law enforcement. In the meantime, the MDC said individuals can take the following steps to protect themselves: Monitor any benefits statements received from health care providers, as well as bank and credit card statements, credit reports and other similar documents for any unfamiliar activity. Contact your medical provider or health plan if you identify health care services that you did not receive on your benefits statement. Contact your financial institution, credit card company or other applicable agency if you notice any suspicious activity on bank or credit card statements or on tax returns. Contact local law enforcement authorities if you believe that you are a victim of a crime. The department said it has implemented additional safeguards in addition to the IT security policies and procedures already in effect. Missouri counties denied state aid for tornado damage The MDC said it's in the process of providing direct, written notification to potentially impacted individuals. The department said it has also provided substitute notification on its website for potentially impacted individuals who may not have sufficient address information on file with the department. 'MDC regrets the inconvenience and concern that this incident may have caused to our team, retirees, and current or former beneficiaries of our health benefits plan,' the department said in a news release. The MDC said it will provide complimentary credit monitoring services to impacted individuals who are concerned their information may have been compromised. More information about complimentary credit monitoring services will be provided in the coming weeks, the department said. Those who believe they have been affected by this data breach can contact the MDC toll-free at 800-392-3111 or PrivacySupport@ Copyright 2025 Nexstar Media, Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.
Yahoo
11 hours ago
- Yahoo
Bradford Health Services discloses data breach
BIRMINGHAM, Ala. (WIAT) — Bradford Health Services is warning current and former employees and patients that their personal information may have been impacted by a data breach. The breach was initially detected back in December 2023. An investigation into the breach, which concluded on May 15, 2025, determined personal and protected health information could have been accessed during the breach. 'I screamed': Woman, toddler suffer 3rd-degree burns from charcoal buried on beach Information that may have been accessed includes the following: names, driver's license numbers, dates of birth, medical information, health insurance information, financial account numbers, passport numbers, payment card numbers plus a means of access to the account, and/or Social Security numbers. However, Bradford Health, in a news release, stated there is no evidence any information has been misused. For those interested in contacting the health service or knowing more about how to protect your information visit here. Bradford Health provides treatment for drug and alcohol addiction and operates 10 treatment facilities across the state. Copyright 2025 Nexstar Media, Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.
Yahoo
12 hours ago
- Yahoo
Veterans' protests planned for D-Day latest in nearly 250 years of fighting for their benefits
Veterans across the United States will gather on June 6, 2025, to protest the Trump administration's cuts to the Department of Veterans Affairs, as well as the slashing of staff and programs throughout the government. Veteran-led protests will be held at the National Mall, 16 state capitol buildings and over 100 other venues across 43 states. Veterans are disproportionately affected by federal cuts, in part because they make up only 6.1% of the U.S. population but, because of 'veterans preference' in federal hiring, they compose 24% of the 3 million federal workers facing mass layoffs under the Trump administration. Veterans also depend on comprehensive, free, federally funded health care through VA clinics throughout the country. But that care is deteriorating due to cuts, rule changes and return-to-work policies that make it impossible for many VA workers to effectively provide care. Looming cuts to the VA may cause an irreversible blow if the VA stops providing comprehensive care to veterans and, instead, pushes veterans into seeing doctors in private practice. This is not the first time that veterans have engaged in mass mobilization. Veterans groups in the U.S. have successfully mobilized for centuries, crossing traditional political divisions such as race, class and gender. They are powerful messengers, and their actions in the past have helped secure back pay and pensions for veterans, a Social Security and welfare system for U.S. civilians, and foreign policy changes to end wars abroad. I'm a scholar of law, social movements and veterans benefits. Here's a brief history of veterans' campaigns that illustrates how veterans developed their political clout and effectively advocated to protect themselves, and many others, from harmful federal policies. Veterans were not always politically popular, nor were they treated well by the federal government. After the Revolutionary War ended in 1783, Gen. George Washington lobbied Congress to offer lifetime half-pay to officers who served until the end of the war. Given the federal government's financial precariousness at the end of the war, this effort failed. Veterans were unable to successfully mobilize to advocate for the pensions, given their small numbers and internal divisions between more privileged officers and less privileged soldiers. During the Civil War, Congress passed numerous laws designed to support veterans. The 1862 pension law allocated payouts in proportion to a soldier's permanent bodily injury or disability caused by their service. The benefits were generous in comparison with prior allocations, and more veterans began applying for them. Yet, by 1875 only 6.5% of veterans had signed up for pensions. Veterans began to organize to increase awareness about these benefits and to lobby for more. The Grand Army of the Republic became a leading veterans organization that demanded better pension and disability benefits. At the end of the 1800s, earning veterans' votes became a priority for aspiring politicians. The Grand Army of the Republic directly lobbied Congress to pass bills expanding veterans pensions, one of which Democratic President Grover Cleveland vetoed in 1887. The organization then successfully mobilized its members to vote against Cleveland in the 1888 election, securing victory for presidential candidate William Henry Harrison and for Republicans in both houses of Congress. This secured the 1890 Arrears Act, which expanded veterans' pensions and disability payments. By the turn of the 19th century, over 40% of federal expenditures went to veterans. As more veterans returned in 1898 from fighting in the Spanish-American War, and with a huge influx of veterans 20 years later from World War I, veterans mobilized to streamline and expand pension and disability benefits. In the 1920s, the two most prominent veterans organizations, the American Legion and Veterans of Foreign Wars, or VFW, formed a national legislative committee dedicated to lobbying for improved benefits. Each group boasted thousands of members whom they could call on to 'barrage'– a veterans term – congressmen with letters. By 1929, even as the federal budget ballooned, veterans benefits still represented 20% of the total federal budget. The 1924 'Bonus Act,' which Congress passed after overruling Calvin Coolidge's presidential veto, offered WWI veterans a deferred 'bonus' payment available in 1945. But veterans suffered immensely in the Great Depression, along with the rest of the country. Veterans tried a new campaign tactic in 1932, creating the 'Bonus Expeditionary Forces,' or 'Bonus Army,' march on Washington, D.C., to demand their promised pay be delivered sooner. Over the course of three months, from May through July 1932, 40,000 veterans set up encampments throughout the city. During their stay, they crowded congressional galleries and plazas during debates on the bill. When President Herbert Hoover called on the military to disband the encampments, he set himself up for electoral defeat later that year. It took another four years for Congress to pass a law offering an immediate payout, but the veterans got their bonuses in 1936, not 1945. Building from public support bolstered by the Bonus Army march, veterans fought publicly to protect their benefits in the Great Depression. In 1933, President Franklin Delano Roosevelt sought to cut veterans' benefits to help finance other relief programs during the Depression, but veterans successfully lobbied Congress to rescind the cuts. A 1933 VFW encampment in Milwaukee attracted 10,000 veterans who openly decried Roosevelt's economic policies. The event featured left-wing Louisiana populist Sen. Huey P. Long and former Marine turned anti-Wall Street populist Smedley Butler. The U.S. entered World War II in December 1941. To avoid another spectacle, FDR began developing a compensation program for World War II veterans even before the war's end. During debates about these expenditures, veterans activism helped ensure the generous educational, housing and vocational benefits from the so-called GI Bill developed by FDR, and the soldier vote helped secure FDR's fourth-term election in 1944. Scholars credit the GI Bill with creating a booming U.S. economy from the 1950s through the 1970s and creating the contemporary middle class, an economic and social group now shrinking and under threat. After World War II, veterans' mobilization expanded from a focus on benefits to foreign policy. Most famously, after its founding in 1967, Vietnam Veterans Against the War engaged in street theater and gathered testimonies about U.S. military abuses to condemn the U.S. government for violence against the Vietnamese. Vietnam Veterans Against the War helped organized a four-day protest in 1971 in Washington, D.C., including camping on the National Mall. The organization continued to mobilize in more traditional ways, drafting congressional legislation for benefits and promoting investment in psychological support for Vietnam veterans. Veterans have continued to protest wars, particularly the Iraq War, engaging in street protests and also through mainstream politics such as elections and television advertising. Given their experiences, veterans today know what they are standing up for on June 6: their own freedom and prosperity, as well as the country's and the world's. This article is republished from The Conversation, a nonprofit, independent news organization bringing you facts and trustworthy analysis to help you make sense of our complex world. It was written by: Jamie Rowen, UMass Amherst Read more: 5 reasons veterans are especially hard-hit by federal cuts Peace advocates have long been found among veterans who fought in America's wars Military veterans are disproportionately affected by suicide, but targeted prevention can help reverse the tide Jamie Rowen receives funding from National Science Foundation.
