BERLIN – Atlantic General Hospital continues to encourage patients impacted by January’s data breach to remain vigilant in notices mailed to those affected.
About five months after initial reports of a ransomware incident at Atlantic General Hospital (AGH), notices have been sent to impacted individuals and lawyers are trying to drum up clients for class action lawsuits related to the data breach. While the hospital would not comment on the potential for lawsuits, the letter mailed to patients June 22 provides details of the incident, AGH’s response and steps to protect against the misuse of personal information. This was the second mailer addressing the incident.
“AGH takes the privacy and security of the information in out care seriously,” the letter from AGH President and CEO Don Owrey reads. “We sincerely regret any inconvenience or concern this incident may cause you.”
On Jan. 29, AGH discovered encrypted files on certain computer systems. An investigation revealed unauthorized use of certain AGH servers beginning on Jan. 20, according to the letter.
Through our investigation, we learned that certain files within our network were subject to unauthorized access during the period of unauthorized access,” the letter reads. “AGH then undertook a comprehensive review of these files to determine what data was contained within the files and to whom the data relates.”
AGH has seen no evidence of misuse of any information related to the incident but the letter advises recipients that their name and patient account number, date of birth, medical billing/claims information and treatment information was present on the impacted servers.
“AGH encourages you to remain vigilant against incidents of identify theft and fraud by reviewing your account statements and monitoring free credit reports for suspicious activity and to detect errors,” the letter reads.
In the wake of the notification, lawyers started seeking clients for potential class action suits against the hospital. Advertisements from law firms on social media outlined the ransomware attack and stressed the array of personal information that could be involved. Other law firms have added links to their websites addressing the AGH incident.
“Regardless of the reason for a security breach, victims have the right to file a claim against a company for failing to protect their information,” The Lyon Firm’s website reads. “All companies and organizations must exercise reasonable care in protecting patient information, and if they do not, they can be held liable for the damages that result, including identity theft.”
