Cybersecurity lapses that result in ransomware attacks at veterinary practices have resulted in class-action lawsuits that have led to settlements ranging from a few thousand dollars to hundreds of thousands of dollars. These lawsuits and the ensuing settlements have affected the bottom lines of these practices, resulting in losses after ransomware attacks.
Why lawsuits after ransomware attacks?
Ransomware attacks are no longer just about personal information being stolen and sold online. In a world where everything is running on computers, and data has become more valuable than oil, data stolen has the potential to affect people’s social and economic standing.
To get insight into why a veterinary practice may get sued after a ransomware attack, we need to look at recent ransomware attacks that have resulted in lawsuits.
Scripps Health
On May 1st, a San Diego-based Scripps Health was hit by a ransomware attack that ended up affecting close to 150,000 of its patient records. Reports indicated that the ransomware attackers did not just encrypt data from its 147,267 patients; they also stole the data and caused the health care providers to use paper records for their patients.
It took several weeks before the five-hospital health system was able to bring its services back, and their patients were able to access their personal records,
After the attack, not everyone was satisfied with how Scripps had handled the ransomware attack, and in June, a lawsuit was filed in the Southern District of California on behalf of patients Michael Rubenstein, Richard Machado, and others accusing the hospital of having failed to protect their data, negligence and invasion of privacy resulting from the data breach that compromised their data.
The lawsuit claimed that personal information such as drivers’ licenses and social security numbers had been compromised, which can result in identity theft if such data fell into the wrong hands. Patients records were also compromised, with the principal attorney in the case stating that such information was very sensitive for the hospital to have allowed it to fall into cybercriminals’ hands.
The lawsuit also pointed to the fact that Scripps Health was hacked due to its laxity in cybersecurity measures. They argued that the health system failed to put in place sufficient security measures that would have seen them respond appropriately to the cybersecurity compromise and protect their clients’ data.
Lessons from the Scripps Health lawsuit
The Scripps health ransomware attack and the ensuing lawsuit is a clear indication that veterinary practices or any other organization that gets its cybersecurity compromised are not just on the hook for reimbursements of their clients for data stolen. They can expect to be liable for all kinds of damages resulting from the security compromise.
Personal data stolen from your veterinary practice during the commission of a ransomware attack also has real value and in courts of law, you will be held accountable for cybersecurity laxity that results in data loss. This is a key aspect as almost every veterinary hospital that Lucca audits has very lax cyber security practices; even when an outside IT professional is hired. While we may not be storing SSN, human health care records or credit card info. If I as a hacker can gain three pieces of data that allow me to pinpoint an individual, this makes you liable. For example: I’m able to gain the cell phone number, address and full name of one your clients in a data breach of Jane Doe. This info separates Jane Doe from all of the other Jane Does out there. Thus making you liable.
The Scripps Health lawsuit also shows that the clients are no longer ignorant about their rights on data security. Therefore, as a veterinary practice, having secure systems should be a priority, including having cybersecurity experts for your practice.
Colonial Pipeline ransomware attack and Kaseya ransomware attack
The colonial pipeline ransomware attack and the Kaseya ransomware attack are the two most recent high-profile ransomware attacks that are shaping how lawsuits are filed after a cybersecurity attack.
Millions of people and thousands of businesses, government organizations, veterinary practices and health care systems relied on the two companies to keep their data safe. The two companies were also critical on the running of many businesses and the disruptions caused losses to many traders and businesses.
Morgan & Morgan lawyer, John Yanchunis, is now suing the Colonial Pipeline for their cybersecurity laxity. In a statement, Yanchunis said that many companies are good at selling things to their clients but poor at protecting their clients’ data. According to him, the lack of concern for their clients’ data may have been due to negligence because cybersecurity does not add to the company’s bottom line.
Kaseya is also facing its own legal challenges and multiple lawsuits continue to get filed against the company. The Colonial Pipeline and Kaseya lawsuits are an ongoing issue, and more lawsuits will continue to stream. There are also private settlements that companies are making to avoid going through the legal system and dragged through the court system for years.
Lessons for veterinary practices
One thing that has become apparent from the Colonial Pipeline and Kaseya ransomware lawsuits is that most cases are being settled to avoid costly and protracted court battles. These companies deem such legal fights costly and end up paying to avoid incurring more costs from what they have already gone through.
Veterinary practices that are lax in cybersecurity should note that failing to invest in their security will lead to more damage and a higher cost of mitigation than having a well-working cybersecurity protocol. The lawsuits of the two companies are also an indication of the damage a single ransomware attack can cause to veterinary practice and their clients.
Practice owners looking to avoid bad press, high costs of settlements and protracted legal battles with their clients, which might lead them to lose clients, should consider investing in cybersecurity. They should also invest in professional consultants that are able to address any cybersecurity threat arising from ransomware gangs.
Need help shoring up your veterinary cyber security?
The good news is that good cyber security doesn’t have to be costly or complicated. Schedule a FREE call today to see how we Lucca can help to keep your practice safe.