George W. Rhodes reports:
A class action lawsuit has been filed against Sturdy Memorial Hospital alleging it failed to properly protect personal patient information that was stolen in a ransomware attack earlier this year.
[…]
“Defendant maintained and secured the PII (personally identifiable information) in negligent manner by failing to safeguard against ransomware attacks,” the complaint said. “Had Sturdy properly maintained its IT (information technology) systems, it could have prevented the data breach.”
Read more on The Sun Chronicle.
Can anyone perfectly prevent a ransomware attack? What, exactly, did Sturdy Hospital do or not do that was allegedly so negligent that it resulted in a successful attack? What best practices or reasonable measures did Sturdy not deploy that would have made a difference?