Logan Health and subsidiary, sister, and related entities are facing legal action because of a data breach that happened in 2021 and impacted 213,543 patients of Logan Health Medical Center.
Law firm Heenan & Cook filed the class-action lawsuit in the U.S. District Court for the District of Montana Great Falls Division on behalf of plaintiff Allison Smeltz along with all individuals similarly affected by the health system’s alleged failure to keep the plaintiff’s and class members’ sensitive personal data secure.
Logan Health reported the data breach in question in February 2022. The breach investigation results confirmed that unauthorized persons got access to its system from November 18, 2021 to November 22, 2021. The attackers acquired access to one file server keeping files that included patients’ protected health information (PHI) like names, contact details, insurance claim data, date(s) of service, medical insurance data, and medical bill account number. Logan Health stated it did not find any evidence of patient data misuse. It offered free credit monitoring and identity protection services to the impacted persons and is implementing extra measures to avert the same data breaches
Based on the legal action, the cyberattack and data breach happened because Logan Health failed to provide enough and reasonable training to employees and/or implement adequate procedures and protocols. Logan Health and the other defendants should already know the value of PHI to hackers and the possibility of data breaches, considering the number of breaches being reported nowadays and the alerts given by Federal bureaus to the healthcare sector.
The lawsuit underlines that this is not the only data breach that has affected Logan Health. Logan Health had another breach report filed in January 2021 that impacted 2,081 Montanans, and one more in 2019 that impacted 126,805 Montanans when Logan Health was still known as Kalispell Regional Healthcare.
The lawsuit states that because of the failure to stop the data breach, affected individuals have encountered and will suffer damages, which include the exposure, publication, stealing and/or unauthorized usage of their PII/PHI, out-of-pocket expenses to prevent, detect, recover, and remediate identity theft or fraudulence, lost opportunity costs and lost salaries, and the continuing danger to their PII/PHI from the inability of Logan Health to employ proper safety measures to secure against data breaches.
The lawsuit states a number of causes of action, such as negligence, breach of privacy, unjust enrichment, breach of implied contract, and breach of the Montana Consumer Protection Act, and claims Logan Health was unable to carry out the demands of the Health Insurance Portability and Accountability Act (HIPAA).
The lawsuit wants class-action status, injunctive relief, a jury trial, statutory, compensatory, and punitive damages, in addition to attorneys’ service fees.