Intellihartx Facing Class Action Lawsuit Over 490K-Record Data Breach
A lawsuit has been filed against Intellihartx, LLC (aka ITx Companies) over a cyberattack by the Clop ransomware group that exploited a vulnerability in Fortra’s GoAnywhere Managed File Transfer (MFT) solution. The protected health information of 490,000 patients of its healthcare clients was compromised in the attack in late January. Intellihartx was one of 130 GoAnywhere users to be affected.
Intellihartx, a revenue cycle management company, said protected health information was compromised in the January 30, 2023 cyberattack, including names, contact information, insurance information, diagnoses, medications, dates of birth, and Social Security numbers. Affected individuals were notified about the data breach on June 9, 2023, more than 4 months after the discovery of the attack.
The lawsuit, Laren Perrone v. Intellihartx, LLC, was filed in the U.S. District Court of the Northern District of Ohio, Western Division, and alleges the defendant failed to properly secure and safeguard the protected health information of the plaintiff and class members, did not adequately supervise its business associates, vendors, and suppliers, and did not detect the data breach in a timely manner.
The lawsuit claims the defendant was aware of the vulnerability on January 29, 2023, and so could have prevented the data breach. It also claims the defendant could have prevented the breach or limited its severity if it had limited the patient information it shared with its business associates and employed reasonable supervisory measures to ensure that adequate data security practices, procedures, and protocols were being implemented and maintained by its business associates.
The lawsuit claims the plaintiff and class members face an imminent, immediate, and continuing increased risk of suffering ascertainable losses from the data breach, including identity theft and other fraudulent misuses of their data, and have and will continue to incur out-of-pocket expenses mitigating the effects of the data breach. The lawsuit does not allege that protected health information has already been misused or that identity theft or other fraud has been experienced.
The lawsuit claims the defendant failed to comply with the standards of the Health Insurance Portability and Accountability Act (HIPAA) and FTC guidelines, citing security failures such as a lack of adequate data security systems, practices, and protocols to protect against reasonably anticipated threats or hazards and a failure to mitigate the risks of a data breach.
While monetary relief is being sought to cure some of the plaintiff’s and class members’ injuries, injunctive relief is also sought to ensure the alleged information security issues are corrected to prevent further data breaches in the future. In addition to monetary relief, the lawsuit seeks an order from the court requiring the defendant to fully and accurately disclose the nature of the information that was compromised and to adopt sufficient security practices and safeguards to prevent similar incidents in the future.
The plaintiff and class members are represented by Christopher Wiest, Atty at Law PLLC, and Mason Barney and Tyler Bean of SIRI & GLIMSTAD LLP.
The post Intellihartx Facing Class Action Lawsuit Over 490K-Record Data Breach appeared first on HIPAA Journal.
Study Identifies Lack of Preparedness for Ransomware Attacks in Emergency Departments
Ransomware attacks on hospitals cause major disruption to healthcare operations over several weeks. During the acute and recovery phases, access to electronic health records and critical IT systems is often prevented, which can naturally have an impact on patient care. Ransomware attacks cause disruption to workflows, increase wait times, and slow patient flow, which can increase patient transfers and complication rates and negatively affect patient outcomes. Some studies suggest mortality rates increase following a ransomware attack.
Research on the impact of ransomware attacks on hospitals is limited, with studies often focusing on the technical consequences of ransomware attacks rather than the impact these attacks have on hospital staff, especially in emergency care. A qualitative study, Hacking Acute Care: A Qualitative Study on the Health Care Impacts of Ransomware Attacks Against Hospitals, which was recently published in Annals of Emergency Medicine, sought to explore the impact on staff in more detail and identify the challenges faced by healthcare professionals and IT staff during the acute and recovery phases of hospital ransomware attacks.
The researchers explored the effect of several large ransomware attacks on hospitals between 2017 and 2022 and conducted interviews with 9 individuals at hospitals that had suffered ransomware attacks, including emergency department staff and IT professionals. The study confirmed that ransomware attacks cause significant disruption to emergency department workflows and acute care delivery, and indicates the attacks have a detrimental effect on the well-being of healthcare providers. The low number of participants was due to the “profound hesitancy” of hospitals to participate in the study; however, valuable information was obtained from the interviews that allowed the researchers to gain an insight into the impact of the attacks and make recommendations to improve preparedness and limit the adverse impacts on workflows and staff well-being.
While hospitals often have incident recovery plans, the study highlighted a lack of preparedness for ransomware attacks within emergency departments and identified several challenges that are encountered during the acute and recovery stages of the attacks. The lack of access to digital radiology systems following ransomware attacks made ordering and obtaining diagnostic imaging a challenge. The inability to communicate electronically meant forms had to be carried back and forth to the radiology department, and medical images often had to be reviewed in person at the radiology department. Non-clinical staff members were found to serve as runners between the point of care and the radiology department, collecting and delivering imaging results, and due to the disruption, diagnostic imaging had to be reserved for the most urgent situations.
Ransomware attacks will naturally have an adverse impact on hospitals; however, that impact can be minimized with better preparedness. The researchers recommend temporarily diverting emergency department personnel in the first few hours of an attack to reduce pressure on acute care services and to use reverse triage, where the most seriously injured patients already in the emergency department are transferred to healthcare facilities unaffected by the attack. Patient care protocols should be established for when critical systems are offline and training should be provided to employees on paper-based charting and recording of patient information, and hospitals should ensure that paper charts and diagnostic order forms are on hand for emergencies. The researchers also recommend transparency with hospital staff, patients, and partners to help mitigate cyberattack concerns.
The post Study Identifies Lack of Preparedness for Ransomware Attacks in Emergency Departments appeared first on HIPAA Journal.