Just as the cyberthreat landscape is evolving, so too are the data breach lawsuits filed in the wake of attacks, says attorney John Yanchunis, who has represented plaintiffs in many of these class action cases. For example, more suits are tied to ransomware attacks and involve efforts to recover related expenses.
Yanchunis is among the attorneys representing physician practices that earlier this year filed a class action lawsuit after a ransomware attack against cloud-based electronic health records vendor Allscripts.
The ongoing lawsuit against Allscripts alleges that the ransomware attack for eight days prevented physician practices from accessing their patient schedules, medical records data and billing systems, Yanchunis says in an interview with Information Security Media Group.
Besides disrupting physicians’ ability to provide patient care, the attack prevented doctors from being able to electronically document their patient information as required by Medicare and Medicaid for payment. That episode “caused doctors to incur both additional expenses, as well as lost time,” he says.
Yanchunis says he’ll soon file another lawsuit representing individuals impacted by a recent ransomware attack on an unnamed retailer.
“This is the second case I filed on the same issue – ransomware, where a cybercriminal is able to lock up a computer affecting consumers. It’s caused substantial damage to consumers and businesses that use that as a platform,” he says.
As for as the potential damage caused to individual victims, the ransomware attack on the retailer “took down a marketplace where businesses and consumers did business, causing financial injury,” he says. “Each of the consumers we’re representing can show loss of income for the period of time when the ransomware was in place and before it was removed.”