[BreachExchange] Class action filed after HHS warns 130 hospitals, health systems left millions' PHI exposed

Sophia Kingsbury sophia.kingsbury at riskbasedsecurity.com
Mon Jul 12 12:29:25 EDT 2021


https://www.beckershospitalreview.com/cybersecurity/class-action-filed-after-hhs-warns-130-hospitals-health-systems-left-millions-phi-exposed.html

Two patients filed a class action against two radiology companies after
more than 1 million patients who received care at hospitals nationwide may
have been exposed because of vulnerabilities in medical imaging archiving
software.

Five things to know:


   1. In mid-2019, cybersecurity researchers analyzed 2,300 medical images
   hosted by picture archiving communications systems, which hospitals use to
   share medical images and data, according to court documents.
   2. The researchers discovered flaws in Northeast Radiology and Alliance
   HealthCare's service that allegedly permitted unauthorized access to more
   than 1.2 million patients' protected health information. The PHI that was
   exposed allegedly includes 61 million X-rays, CT scans, MRIs, medical test
   results, patient names, Social Security numbers and more.
   3. The researchers contacted the radiology companies, but their warnings
   were ignored, the court documents said.
   4. Two Northeast Radiology patients are suing the radiology firms on
   behalf of themselves and the class members to settle damages caused by the
   breach, the court filings said. The researchers who discovered the breach
   said the value of the damages exceeds $1 billion and might be as high as
   $3.3 billion, due to the risk of theft from exposure and a large number of
   alleged victims.
   5. In a June 29 news release, HHS warned that about 130 hospitals and
   health systems were using PACS, with more than 2 million patients and 275
   million medical images and PHI potentially exposed.