Law firm Morgan & Morgan has lodged a class-action lawsuit against Tampa General Hospital on behalf of three victims affected by a significant data breach.
Between May 12 and May 30, 2023, cyber-criminals infiltrated Tampa General Hospital's computer system, pilfering data belonging to approximately 1.2 million patients.
The exposed information encompasses sensitive details like names, addresses, phone numbers, dates of birth, Social Security numbers and select Health Insurance Portability and Accountability Act (HIPAA)-protected medical records.
The plaintiffs contend that Tampa General Hospital not only failed to secure their personal and medical data adequately but also exacerbated the situation by delaying the notification of victims until July 19—over two months after the initial breach.
The lawsuit asserts that the hospital was unaware of the breach until May 31, giving hackers nearly three weeks to extract information undetected.
Read more on the breach: Tampa General Hospital Data Breach Impacts 1.2 Million Patients
The three plaintiffs, who remains anonymous to safeguard their identities, include an individual who has already fallen victim to identity theft following the breach and a retired FBI agent.
"Our clients' allegations in this case paint a picture of Tampa General Hospital's cavalier attitude toward cybersecurity and patient privacy. This is not the first time Tampa General Hospital has allegedly failed to protect its patients' personal data – this data breach follows a 2014 breach," said Morgan & Morgan attorneys John Morgan and Ryan McGee in a statement sent to Infosecurity via email.
"It is our hope that this lawsuit will not only secure justice and accountability for the patients whose privacy and peace of mind have been irrevocably violated, but also will spur Tampa General Hospital to take additional steps to protect their patients' privacy in a manner appropriate for the current climate of cyber-attacks."
The lawsuit includes allegations of invasion of privacy, unjust enrichment, breach of confidence and breach of fiduciary duty. Plaintiffs seek relief in the form of damages, restitution, injunctive relief and the appointment of class representatives.
Tampa General Hospital has been contacted by Infosecurity for comment.