A cancer patient in Ireland is suing a hospital in Cork after his data was exposed online following a ransomware attack on the country’s healthcare system. The suit reflects the legal and financial risks for organizations hit in such cyberattacks.
Legal fallout from ransomware attacks heightens the pain that victim organizations experience after potentially suffering interruptions to business, losing access to data and taking a reputational hit, according to experts. In addition, some companies suffer financial losses and might pay hackers a ransom fee and face regulatory fines for privacy and security violations.
Among the range of cyber incidents, “being a victim of a ransomware attack is the worst-case scenario,” said Ahmed Baladi, a partner in the Paris office of law firm Gibson, Dunn & Crutcher LLP.
The patient’s lawsuit last week against Mercy University Hospital in Cork alleges that the hospital’s security measures were insufficient. Hackers posted on a dark web forum the patient’s data, which included his name, medical identification number and details that appeared to be from an appointments database. The hospital informed him last month about the posting, said Michael O’Dowd, a Cork-based lawyer at law firm O’Dowd Solicitors who represents the patient.
Mr. O’Dowd said he would seek to prove…
Cookie consent: 5 harmful designs from UK Regulators’ guidance
The UK’s data protection regulator, the Information Commissioner’s Office (ICO), and …
Schrems II Judgment Day
The Court of Justice of the European Union (“CJEU“) issued its judgment today in …
