sturdy memorial sign

Sturdy Memorial Hospital in Attleboro

ATTLEBORO — A class action lawsuit has been filed against Sturdy Memorial Hospital alleging it failed to properly protect personal patient information that was stolen in a ransomware attack earlier this year.

The suit was filed Thursday in Plymouth Superior Court by attorneys for Barbara Ragan Bennett, a resident of Plymouth County, and on behalf of “all others similarly situated.”

It was estimated there are 35,271 others affected by the hack attack, which took place Feb. 9, 2021.

The suit is seeking an unspecified amount of damages including extended credit monitoring, “actual damages, compensatory damages, statutory damages and statutory penalties, punitive damages and attorneys’ fees and costs.”

Court documents said damages exceeded $50,000.

Lead attorney Stephen J. Teti of Lockridge Grindal Nauen P.L.L.P of Minneapolis, signed the complaint.

When contacted by The Sun Chronicle Tuesday afternoon, Teti had no comment on the case. Sturdy also declined comment.

A law firm from Los Angeles, Glancy Prongay & Murray LLP, and one from Boston, The Law Office of Sean K. Collins, are also representing the plaintiffs.

Sturdy paid an undisclosed ransom to the hacker to get its information back and offered all those affected two years of free credit monitoring.

But lawyers for Bennett claim Sturdy should have prevented the theft of the information.

“Defendant maintained and secured the PII (personally identifiable information) in negligent manner by failing to safeguard against ransomware attacks,” the complaint said. “Had Sturdy properly maintained its IT (information technology) systems, it could have prevented the data breach.”

While a ransom was paid, the complaint alleges that payment does not guarantee personal information will be protected.

“Defendant cannot reasonably maintain that the data thieves destroyed the information they obtained, or more generally, that the harm to the victims has been cured…”

Some of the information stolen includes names, contact information, dates of birth, Social Security numbers, Medicare Health Insurance claim numbers, driver’s license numbers and medical history.

In addition, lawyers argued that the two free years of a credit monitoring service is insufficient “because misuse of the information taken in the breach is likely to last longer than two years, and further, that credit monitoring alone does not compensate victims for the consequences of the breach.”

Bennett’s attorneys requested a jury trial.

George W. Rhodes can be reached at 508-236-0432.

Recommended for you

(0) comments

Welcome to the discussion.

Keep it Clean. Please avoid obscene, vulgar, lewd, racist or sexually-oriented language.
PLEASE TURN OFF YOUR CAPS LOCK.
Don't Threaten. Threats of harming another person will not be tolerated.
Be Truthful. Don't knowingly lie about anyone or anything.
Be Nice. No racism, sexism or any sort of -ism that is degrading to another person.
Be Proactive. Use the 'Report' link on each comment to let us know of abusive posts.
Share with Us. We'd love to hear eyewitness accounts, the history behind an article.