NEW HANOVER COUNTY, NC (WWAY) — Wilmington Surgical Associates is facing a lawsuit over a data breach that happened in October 2020.
The practice was a victim of a ransomware attack carried out by the NetWalker, a hacking group that has targeted other healthcare providers in the past.
In data reported to the U.S. Department of Health and Human Services’ Office of Civil Rights, the practice estimated that nearly 115,000 people had their data exposed during the breach.
On December 17, 2020, Wilmington Surgical Associates Practice Administrator Chad Martin sent letters to patients that had personal information stolen from the data breach. The letter states the attack happened on October 19, 2020.
The letter says the hacker was able to obtain data including patients’ names, dates of birth, Social Security numbers, insurance information, and other demographic and clinical information.
Due to the attack, the letter says the practice arranged for free identity theft protection services for 12 months.
According to Rhine Law Firm, a class-action lawsuit has been filed on the matter which seeks to force Wilmington Surgical Associates to implement stronger cybersecurity measures, to submit to audits of its security practices, and to commit to practices and procedures to ensure that a future attack is unsuccessful.
The lawsuit also seeks compensation for patient losses, and more robust credit monitoring and fraud resolution services.
The increase in activity from NetWalker prompted the FBI to issue a FLASH alert in July 2020 warning healthcare organizations, educational institutions, private sector companies, and government agencies about the increased risk of attack.