California Hospital Sued Over Data Breach

    In yet another sad example of small businesses targeted by cybercriminals, the Rady Children’s Hospital experienced a data breach mid 2020 and it’s now coming to light.

    The small hospital based in San Diego certainly wasn’t the most obvious target—it’d be easy to assume that hackers would pursue one of the larger hospitals in California.

    And yet this data breach affected 19,788 patients.

    Families are suing Rady Children Hospital for negligence. The lawsuit is ongoing and there are still many questions that need answers. Still, companies across the nation can learn a thing or two about cybersecurity from the facts that are already known.

    What happened in the data breach?

    Cybercriminals stole the data of thousands of patients and then ransomed it back to the hospital. Rady Children’s paid the attackers, fearing that the hackers would destroy all their data if they didn’t comply.

    What did the cybercriminals steal?

    The attackers stole the profile information of nearly 20,000 patients, including names, addresses, birth dates, and patient physicians. Hackers accessed both the main data and all of the hospital’s backups.

    How did the victims react to the data breach?

    Parents of the children in the hospital have filed a lawsuit against Rady’s Children’s Hospital. They allege that the hospital was negligent in the invasion of privacy and breached the implied contract with the customers.

    How did Rady’s Children’s Hospital react?

    Rady Children’s claim that the security system they used, Blackbaud, didn’t verify that the data was missing. They say Blackbaud didn’t offer enough security protection.

    Both the system provider and the hospital don’t know if the hackers sold the data or if they even still have a copy of it. 

    How do other companies prevent data breaches like this?

    At first glance, Rady’s Children Hospital did everything right. They invested in a cybersecurity system to protect their data, and it can be argued that Blackbaud made the mistake, not them.

    But the hospital should have done more than hand their data to just any security company, and in the end it doesn’t matter who was at fault. Rady Children’s lost their customers’ trust and is facing serious accusations in court

    This is every company’s nightmare, and the truth is, it can happen to anyone who isn’t adequately prepared. Working with an IT company in Southern California could have prevented this data breach from occurring, and it can save you from being the next headline in the news.