A class action alleges negligence on the part of Integris Health is to blame for a cyberattack announced in December 2023 that compromised the personal data of more than two million patients.
Defendant(s) CategoriesNew to ClassAction.org? Read our Newswire Disclaimer
A proposed class action alleges negligence on the part of Integris Health, Inc. is to blame for a cyberattack announced in December 2023 that compromised the personal information of more than two million patients.
Want to stay in the loop on class actions that matter to you? Sign up for ClassAction.org’s free weekly newsletter here.
According to the 54-page lawsuit, the major Oklahoma-based healthcare system publicly announced on December 24, 2023 that it had discovered suspicious activity in some of its computer systems. The notice posted on Integris Health’s website relays that certain files stored in its network may have been accessed by an unauthorized third party on November 28.
The suit shares that between December 24 and 27 of last year, patients began to receive extortion emails from a hacker group that claimed responsibility for the cyberattack and demanded ransom for the stolen data. In the email, the threat actor gave recipients until January 5, 2024 to click on a provided link to a dark-web website and pay $50 to delete their stolen data or $3 to view it, the case describes. The cybercriminals threatened to “sell the entire database to data brokers” on that date if the ransom demands were not met, the complaint says.
Per the filing, the “disturbing” emails were sent by “DataLeakege@hashtag-bg.com,” though similar lawsuits claim the hacker group used the email addresses “DataLeakege@consultas.itev.com.br” and “dataleakege@igpc.mcambraia.dns-secure.net.”
As the case tells it, the types of personal information compromised in the Integris cyberattack varied by individual but included highly confidential data such as names, dates of birth, contact details, demographic information and Social Security numbers. In the extortion email, the threat actor also claims to have stolen individuals’ insurance details and employer data.
The suit contends that Integris Health failed to take reasonable data security precautions to adequately protect the information in its care.
“Due to [Integris Health’s] negligence, cybercriminals have stolen and obtained everything they need to commit identity theft and wreak havoc on the financial and personal lives of millions of individuals,” the case charges.
As of the date of the filing, December 29, 2023, the defendant had yet to issue notice letters informing victims of the incident, nor has it made any offer of identity monitoring services to impacted individuals, the complaint says.
The lawsuit looks to represent anyone in the United States whose personal information was compromised in the Integris Health data breach that occurred in or around November 2023.
Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s free weekly newsletter here.