Milberg Files Lake Charles Memorial Health Data Breach Lawsuit
by Brian Eckert
Southwest Louisiana Health Care System, doing business as Lake Charles Memorial Health System (LCMHS), suffered an October 2022 data breach that is the subject of a Milberg class action lawsuit.
Approximately 270,000 patients who received care at LCMHS were impacted by a cyberattack that exposed their private information, including medical records, insurance information, and Social Security numbers. If you have received a data breach notification from LCMHS, you may be eligible to join Milberg’s class action lawsuit and obtain compensation for your losses.
LCMHS Hit With October 2022 Cyberattack
Lake Charles Memorial Health System is the largest medical complex in Lake Charles, Louisiana. LCMHS consists of a 314-bed hospital, a 54-bed women’s hospital, a 42-bed behavioral health hospital, a primary care clinic for uninsured individuals, and an affiliate physician group of over 100 specialists.
In a patient notice posted on its website, LCMHS announced it was the target of a “cybersecurity incident” that occurred on October 21, 2022. According to the notice, the organization’s IT team “detected unusual activity” on its computer network.
Patients are encouraged to review statements from their health insurer and healthcare providers, and to contact them immediately if they see any services they did not receive.
An internal investigation revealed that an “unauthorized third party” gained access to the LCMHS network and stole files. Bleeping Computer reports that the Hive ransomware group claimed responsibility for the incident.
LCMHS reported the attack to the Department of Health and Human Services on December 22. The HHS report lists 269,752 affected individuals.
On December 23, LCMHS began mailing data breach notifications to patients whose information may have been contained in the stolen files. LCMHS’s review of the files indicates that they include the following patient information:
- Names, addresses, and dates of birth
- Medical record or patient identification numbers
- Health insurance information
- Payment information
- Clinical information regarding care received at LCMHS
- Social Security numbers (in some cases)
Milberg’s Lake Charles Memorial Health System Lawsuit
Plaintiffs Chantel Manuel and Harriet Manuel received data breach notifications from LCMHS informing them that their private information was possibly involved in the data breach.
Represented by Milberg attorneys Andrew A. Lemmon and Kary M. Klinger, the plaintiffs say that LCMHS failed to properly secure their personally identifiable information (PII) and protected health information (PHI). They filed a class action complaint in the 14th Judicial District Court of Louisiana, Parish of Calcasieu.
The complaint explains how victims of the LCMHS data breach are likely to face ongoing issues related to the sale of their unencrypted PHI and PII on the dark web, which is the modus operandi of hackers. Victims are at risk of suffering:
- Loss of control over how their PHI is used
- Diminution in value of their PHI
- Out-of-pocket costs associated with the prevention, detection, recovery, and remediation from identity theft or fraud
- Lost opportunity costs and lost wages associated with the time and effort expended addressing and attempting to mitigate the actual and future consequences of the data breach
- Unauthorized use of stolen information
Stolen PHI and PII—in particular medical records—are of considerable value to criminals on the black market. Naked Security writes that healthcare is the most-attacked industry due to the profitability of medical data. Hacked medical records can sell on the dark web for 50 times more than a compromised Social Security number or Facebook account.
The exposed Private Information of Petitioners and Class Members can and likely already has been sold on the dark web. Indeed, Petitioners’ and Class Members’ Private Information has already been made available online.
Healthcare organizations are increasingly under cyberattack. Mimecast Research reports that 90% experienced an email-based attack in a recent year. In 2021, 17.7% of data breaches were in the medical or healthcare industry, reports the Identity Theft Resource Center. In 2022, data breaches fell just shy of the all-time high of 1,862 breaches set in 2021.
The prevalence of data breaches generally, and healthcare breaches specifically, made what happened at LCMHS “reasonably foreseeable,” states Milberg’s lawsuit.
You Could Be Eligible to Join This Lawsuit
Plaintiffs seek certification of their class action lawsuit on behalf of themselves and the following group:
- All persons whose Private Information was actually or potentially accessed or acquired during the Lake Charles Memorial Health System data breach that took place on or around October 21, 2022
If you meet this criteria, and the lawsuit results in a verdict or settlement, you might be automatically eligible to recover damages to compensate you for monetary losses, lost time, and other consequences of the LCMHS data breach.
You do not have to hire an attorney to join this lawsuit. Milberg is representing all class members on a contingency fee basis. We pioneered federal class action lawsuits and are a national leader in data breach litigation.