Sturdy Hospital in Attleboro sued over data breach

George W. Rhodes reports:

A class action lawsuit has been filed against Sturdy Memorial Hospital alleging it failed to properly protect personal patient information that was stolen in a ransomware attack earlier this year.

[…]

“Defendant maintained and secured the PII (personally identifiable information) in negligent manner by failing to safeguard against ransomware attacks,” the complaint said. “Had Sturdy properly maintained its IT (information technology) systems, it could have prevented the data breach.”

Read more on The Sun Chronicle.

Can anyone perfectly prevent a ransomware attack? What, exactly, did Sturdy Hospital do or not do that was allegedly so negligent that it resulted in a successful attack? What best practices or reasonable measures did Sturdy not deploy that would have made a difference?

Two U.K. teenagers appear in court over Transport of London cyber attack
ModMed revealed they were victims of a cyberattack in July. Then some data showed up for sale.
Confidence in ransomware recovery is high but actual success rates remain low
Protected health information of 462,000 members of Blue Cross Blue Shield of Montana involved in Conduent data breach
TX: Kaufman County Faces Cybersecurity Attack: Courthouse Computer Operations Disrupted
KT Chief to Resign After Cybersecurity Breach Resolution

Related: