Summary of article from GovInfo Security, by Marianne Kolbasuk McGee:
Ernest Health, a Texas-based operator of rehabilitation hospitals, is facing multiple federal proposed class action lawsuits following a ransomware attack that potentially compromised the sensitive information of over 101,000 individuals across several states. The company reported 33 separate breaches involving a network server and a HIPAA business associate at rehabilitation and long-term care hospitals in 12 states. The lawsuits allege that Ernest Health’s negligence in failing to protect sensitive personal information puts the plaintiffs at risk of identity theft and other crimes. The compromised information includes names, addresses, birthdates, medical record numbers, health insurance plan member IDs, claims data, diagnosis, and prescription information, with some Social Security numbers and driver’s license numbers also affected. In response to the incident, Ernest Health has implemented additional safeguards and technical security measures to further protect and monitor its systems.