Regular readers may recall that September, 2020 was not a good month for St. Roper Francis, and DataBreaches.net had to explain that the healthcare system was dealing with notifications from two unrelated breaches. One involved 6,000 patients impacted by a hack of an employee’s email account. The other involved more than 90,000 patients impacted by the ransomware attack on its business associate, Blackbaud.
But 2020 wasn’t done with the healthcare system yet. In October, they discovered a third breach — this one a phishing attack that resulted in the compromise of three employee email accounts and notifications to almost 190,000 patients.
Unsurprisingly, then, they have been sued by plaintiffs seeking class action status and arguing that St. Roper had a long history of breaches and was negligent in not deploying better security.
The plaintiffs are represented by the Richter Firm, The Solomon Law Group, Slotchiver & Slotchiver, LLC, and Brent Souther Halversen, LLC.