PIH Health Facing Lawsuit Over December 2024 Ransomware Attack

The lawsuit alleges negligence, invasion of privacy and other complaints stemming from the ransomware attack.

By Jeff Wardon, Jr., Assistant Editor


A ransomware attack on December 1 stalled operations across three of PIH Health’s hospitals as hackers stole reportedly up to 17 million patient records, including confidential medical and personal data.  During the attack, the hackers allegedly made negotiations in exchange for a decryption key. 

As a result of the cyberattack, a man from Whittier, California, is suing PIH for allegedly not keeping his confidential information safe from hackers, Pasadena Star-News reports. The lawsuit seeks unspecified damages for negligence, invasion of privacy and other complaints stemming from the ransomware attack. At the time of publication, PIH has yet to comment on the lawsuit. 

Ransomware attacks are costly to healthcare facilities, not only legally, but also in terms of their literal financial impacts, down time and reputational damage. 

According to The State of Ransomware in Healthcare 2024 published by Sophos, 65 percent of ransom demands were for $1 million or more, and 35 percent were for $5 million or more. The median payment was $1.5 million, and the average payment was $4.4 million out of 99 organizations surveyed that admitted to paying the ransom. 

Down time can hamper a healthcare facility’s operations or bring them to a standstill. According to a study from Comparitech, down time varied from minimal disruption to months long. On average, healthcare organizations lost nearly 14 days to down time, with each year varying from 2.6 days in 2018 to 18.71 days in 2023. 

However, not even a healthcare facility’s reputation can escape being damaged. An example of this is the Change Healthcare cyberattack, as Errol Weiss, chief security officer at Health-ISAC, previously told Healthcare Facilities Today. The cyberattack on Change Healthcare was because the organization hadn’t put multifactor authentication (MFA) in place to a remote desktop access portal, allowing attackers to use stolen credentials to access the organization’s systems. 

While Change Healthcare is a provider of revenue and payment cycle management, it’s a critical part of the healthcare supply chain. Regardless of a cyberattack hitting the supply chain or an actual facility, it will impact the quality of caregiving and overall operability of a healthcare facility. Eventually, this can erode the public’s trust and make their opinions toward healthcare organizations unfavorable. 

These costs can weather away at the public perception of healthcare if they aren’t addressed immediately. There are key areas healthcare organizations and facilities can focus on to protect themselves from cyberattacks and ransomware, according to Weiss: staying up to date on security patches, backing up systems and data, and using MFA. 

Jeff Wardon, Jr., is the assistant editor for the facilities market. 



January 8, 2025


Topic Area: Information Technology , Security


Recent Posts

Site Selection Mistakes: What Not To Do

Healthcare providers that treat site selection as a strategic decision, not a simple real estate deal, will be positioned for long-term success.


High-Performance EFCO Systems Shape MUSC's New Black River Medical Center

Case study: A sweeping curved-glass entrance, impact-resistant envelope and energy-efficient fenestration support a sustainable, resilient design for one of South Carolina’s newest rural hospitals.


Heritage Valley Health System to Officially Affiliate with Alleghany Health Network

With the affiliation now complete, Heritage Valley Beaver and Heritage Valley Sewickley will be rebranded.


The Impact of Acoustics on Patient Privacy

As healthcare facilities evolve toward more open and flexible care environments, acoustic privacy has become essential.


Texas Behavioral Health Center in Dallas Opens with Ribon-Cutting Ceremony

The 456,265-square-foot facility offers a variety of therapeutic, recreational and social spaces that prepare patients for life outside the hospital.


 
 


FREE Newsletter Signup Form

News & Updates | Webcast Alerts
Building Technologies | & More!

 
 
 


All fields are required. This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

 
 
 
 

Healthcare Facilities Today membership includes free email newsletters from our facility-industry brands.

Facebook   Twitter   LinkedIn   Posts

Copyright © 2023 TradePress. All rights reserved.