Patients file class-action lawsuit against DCH Health System following cyber attack

State / Regional

TUSCALOOSA, Ala. (WIAT) — Months after a cyber attack rendered DCH Health System’s confidential patient information hostage and kept hospitals unable to help patients for a time, a group of people are saying the group was careless.

On Dec. 23, a class action lawsuit was filed against DCH, claiming they maintained their private information in “a reckless manner” and did not properly monitor its computer network to ensure that the ransomware attack was discovered sooner.

News of the complaint was first reported by The Tuscaloosa News Friday afternoon.

“Because of the Ransomware Attack, Plaintiffs and class members had their medical care and treatment as well as their daily lives disrupted,” the complaint stated. “As a consequence of the ransomware locking down the medical records of Plaintiffs and class members, Plaintiffs and the class members had to forego medical care and treatment or had to seek alternative care and treatment.”

On Oct. 1, DCH’s hospitals in Tuscaloosa, Northport and Fayette were temporarily closed due to a breach in its computer system. The source of the breach was a cyber attack from an unknown group asking for money in exchange for access to the hospital’s patient records.

Because of the breach, no new patients were admitted to the hospitals, often routing patients to hospitals in Birmingham and Mississippi.

“Our hospitals have implemented our emergency procedures to ensure safe and efficient operations in the event technology dependent on computers is not available,” a message posted on DCH’s website stated. “That said, we feel it is in the best interest of patient safety that DCH Regional Medical Center, Northport Medical Center and Fayette Medical Center are closed to all but the most critical new patients. Our staff is caring for the patients who are currently in the hospital, and we have no plans to transfer current patients.”

On Oct. 5, DCH paid an undisclosed amount of money to the hackers and were able to regain access to its records once again.

Following the breach, DCH spokesman Brad Fisher maintained that no patient or employee data had been stolen.

“They just basically found a way to put the computer systems out of business until you pay them money and they give you the code,” Fisher told CBS 42.

However, the plaintiffs in the complaint stated that with the attack, their identities are now at risk and, as a result, must pay for services to insure their financial information is secure.

“As a result of the Ransomware Attack, Plaintiffs and class members have been exposed to a heightened and imminent risk of fraud and identity theft,” the complaint stated. “Plaintiffs and class members must now and in the future closely monitor their financial accounts to guard against identity theft.”


Copyright 2020 Nexstar Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.

Latest Videos

More Video

Trending Stories