In September 2023, Morrison Community Hospital, 25-bed critical access hospital in Illinois, experienced a cyberattack that compromised its IT systems.
What happened
Cybercriminals gained unauthorized access to sensitive personal and health information belonging to 122,488 current and former patients. Following the breach, some of the affected patients initiated a class action lawsuit against the hospital. Despite denying any wrongdoing or liability, Morrison Community Hospital agreed to a settlement of $675,000 to resolve the legal claims. Under the terms of the settlement, impacted individuals can claim up to $5,000 for losses directly related to the data breach. The deadline for filing claims is set for February 5, 2025.
What was said
According to the settlement notice, “Eligible claimants under the Settlement Agreement will be eligible to receive: Compensation for Unreimbursed Economic Losses, up to $5,000, incurred as a result of the Data Incident; OR Pro Rata Cash Payment, in lieu of the reimbursement for Unreimbursed Economic Losses.”
Why it matters
The settlement reflects a growing trend in holding institutions accountable for failing to protect sensitive information. Notably, the HHS Office for Civil Rights (OCR) announced a $40,000 settlement with Green Ridge Behavioral Health following a ransomware incident that compromised the protected health information of over 14,000 individuals.
There is now an urgent need for healthcare providers to improve their cybersecurity measures and comply with HIPAA regulations, as ransomware attacks have surged by 264% in recent years. Additionally, a separate settlement was reached with Memorial Healthcare System for $60,000 over issues related to patient access to records.
Related: HIPAA Compliant Email: The Definitive Guide
FAQs
What is a data breach?
A data breach occurs when an unauthorized individual gains access to sensitive information, such as personal data or intellectual property. This can lead to identity theft, financial loss, and reputational damage for organizations.
What are the most common types of cyber threats?
Common cyber threats include malware (such as viruses and ransomware), phishing attacks, denial-of-service (DoS) attacks, password attacks, man-in-the-middle attacks, and SQL injection. Each of these poses unique risks to individuals and organizations.
Kirsten Peremore
