Just by following basic cyber security measures, companies can prevent 85% of cyberattacks. If a company fails to protect against ransomware threats, they may be liable for damages.
Ransomware attacks are becoming more sophisticated, more destructive, and all too common. In a ransomware attack, cyber criminals infect computers with malware that locks the entire device or valuable data and files, only promising to restore access once the victim pays the fixed ransom amount.
When a business falls victim to a ransomware attack, they often shut down software platforms and servers in order to prevent the ransomware from spreading. As a result, the company’s business operations are interrupted, often at the cost of customers.
If a business failed to exercise adequate cyber security measures to prevent a ransomware attack, a customer may be eligible to file a lawsuit. If you suffered a financial loss because of a ransomware attack, contact us for a free, no-obligation legal review.
What Can Businesses Do To Prevent a Ransomware Attack?
Just by following basic cyber security measures, companies can prevent 85% of cyberattacks. These measures include regularly updating computer software and operating systems, using application whitelisting (which blocks unauthorized programs from running), restricting administrative privileges, backing up data regularly, and training employees to recognize suspicious emails and links.
Despite how easy it is to prevent cyber attacks, a lot of companies simply aren’t doing it. According to a January 2017 study published by the Ponemon Institute, only 33% of companies conduct internal training on ransomware threats, and only 29% of respondents believed their employees could detect ransomware threats. And, despite the fact that more than half of survey respondents reported experiencing a ransomware attack, only 46% believed ransomware prevention was a priority for their company.
Can Companies Be Liable for Ransomware Damages?
The WannaCry ransomware attacks offer a case study in cyber security negligence. In 2017, organizations around the world (including FedEx, Honda, the National Health Service in England, and the Chinese Public Security Bureau) were affected by the ransomware. The ransomware targeted a vulnerability in the Server Message Block (SMB) file-sharing protocol on Microsoft Windows, which could have been patched through a free Microsoft update offered two months before the ransomware spread.
While some pointed to Microsoft’s role in the WannaCry attacks, the company argued that it was up to businesses to download the security patch they offered. Failing to download the free security patch could be an act of negligence.
Have There Been Any Lawsuits Filed for Ransomware Attacks?
Allscripts, an electronic health records company, is accused of cybersecurity negligence in the first U.S. ransomware class action lawsuit.
When SamSam ransomware infiltrated Allscripts’ data centers in North Carolina and South Carolina, the company shut down its network in order to prevent the malware from spreading. This blocked client access to patient records, prescriptions, and billing services for more than a week. The downed system disrupted business so severely that some clinics had to turn away patients.
The lawsuit was filed by ClassAction.com on behalf of lead plaintiff Surfside Non-Surgical Orthopedics and similarly affected class members. It alleges Allscripts failed to properly secure its servers, which allowed a strain of the SamSam ransomware to compromise its data centers.
What Does the Allscripts Lawsuit Allege?
Since Allscripts serves the healthcare industry, it must adhere to the Health Insurance Portability and Accountability Act of 1996, or HIPAA. Under HIPAA, Allscripts has a duty to protect the personal healthcare information (PHI) of its users. By leaving its data centers vulnerable to a ransomware attack, the lawsuit alleges, Allscripts violated this duty.
The lawsuit also alleges the following:
- Allscripts breached its duties by failing to implement, monitor, and audit the security of its data and systems, resulting in a ransomware attack that significantly impeded and/or prevented its clients’ ability to conduct business.
- Plaintiff and the Class experienced significant business interruption and disruption as a direct and proximate result of their inability to access Allscripts’ products and services, including patient records, and to submit electronic prescriptions.
- Allscripts failed to implement appropriate processes that could have prevented or minimized the effects of the SamSam ransomware attack.
What Can I Recover from a Ransomware Lawsuit?
While the Allscripts class action lawsuit is the first lawsuit of its kind, healthcare data breaches involving compromised PHI have resulted in multi-million dollar settlements. Data breach settlements typically include compensation for identity theft protection services and financial losses, as well as requirements to improve cybersecurity measures within the organization.
Our attorneys are leaders in the cyber security space, having served as lead counsel on some of the largest data breach lawsuits in history, as well as filing the first ransomware class action lawsuit of its kind.
If you suffered a financial loss as a result of a company’s failure to prevent a ransomware attack, you may be eligible for compensation. Contact us today for a free, no-obligation legal review.