WILMINGTON, N.C. (WECT) - A lawsuit has been filed against Wilmington Surgical Associates after hackers breached the company’s computer systems and stole sensitive information of nearly 115,000 patients.
The lawsuit, filed in New Hanover County Superior Court on Jan. 11 and later moved to federal court, alleges that Wilmington Surgical Associates (WSA) maintained personal medical information “in a reckless and negligent” manner and employees failed to properly monitor the medical practice’s computer network.
The data breach reportedly occurred around Oct. 17, 2020, with hackers stealing over 13 gigabytes of data that included names, birth dates, social security numbers, and insurance information of thousands of patients.
WSA sent out notifications of the hack approximately two months later — on Dec. 17, 2020 — offering one year of free credit monitoring service, the lawsuit states.
“The data breach was a direct result of defendant’s failure to implement adequate and reasonable cyber-security procedures and protocols necessary to protect [personally identifiable information] and [protected health information] of its patients,” according to the lawsuit.
One of the plaintiffs who joined the lawsuit stated that they’ve seen “a substantial increase” in scam phone calls, “which appeared to be placed with the intent to obtain additional personal information to commit identity theft by way of a social engineering attack.”
The lawsuit seeks class action status and for a jury to award the plaintiffs restitution, compensation for damages, seven years of credit monitoring, and for WSA to undergo policy changes with how it handles patient data.
WECT has reached out to Wilmington Surgical Associates for comment and will add their response when we receive it.