Scott Carroll reports:
Arkansas Attorney General Leslie Rutledge on Thursday announced a lawsuit against the defunct Eastern Ozarks Regional Health for failing to protect sensitive patient information after it closed.
The former hospital in Cherokee Village is accused of leaving behind thousands of unsecured patient and employee records that contain social security numbers, driver’s license numbers, account information, medical information and biometric data. Doors were unlocked and windows were broken when the Attorney General’s Office inspected the facility in September. It found the building had been vandalized and trespassers had apparently gone through many of the files, the lawsuit says.
Read more at Arkansas Business.
The state’s press release can be found here. It provides a summary of some of the relevant history:
Eastern Ozarks Regional Health System closed in December 2004. In 2010, the property transferred to the State of Arkansas due to the owners’ failure to pay taxes. In 2021, the Attorney General’s Office conducted a site visit of the property and confirmed that possible PIPA and ADTPA violations existed. The facility had been vandalized and was in serious disrepair. Many files throughout the property appeared to have been examined, likely by trespassers seeking to steal significant personal information. The total number of files has not yet been determined; however, investigators with the Attorney General’s Office estimate that there are thousands of files throughout the facility and storage buildings. The suit alleges that Eastern Ozarks Regional Health System failed to provide proper disposal or proper security for the documents prior to the properties being conveyed to the State of Arkansas. The hospital and its owners face civil penalties up to $10,000 for each violation of the PIPA and the ADTPA.
The lawsuit complaint can be found here.