A nearly $500-million class-action lawsuit has been filed against five hospitals who were recently involved in a cyberattack.
A Toronto area law firm has launched the lawsuit, which was filed to the Superior Court last week seeking $80-million in damages for the plaintiffs.
A breach was first detected on Oct. 23, and targeted Bluewater Health, Chatham-Kent Health Alliance, Erie Shores HealthCare, Hôtel-Dieu Grace Healthcare, Windsor Regional Hospital, and TransForm Shared Service Organization, which operates technology systems for the hospitals.
The lawsuit was launched by a patient of Bluewater Health in Sarnia, but is being filed on behalf of all Ontario residents who were or are patients of any of the five hospitals.
Private data was accessed by the hackers, a group called Daixin Team, and was published online when the hospitals refused to pay a ransom.
Now the a law firm is suing these hospitals, alleging they did not adequately store and protect sensitive patient data and that the hospitals recklessly failed to take steps to protect the data.
Mireille Dahab, managing partner of Dahab Law and the lawyer for the plaintiffs, says very sensitive information was leaked during this incident.
"And we're getting a lot of feedback actually from people that have been affected by this, and I'm not at liberty to share some of the stories, but some of them are pretty disturbing in terms of identify theft, and the repercussions that their data having been leaked has caused them."
She says the hospitals should have ensured the data was protected.
"They should have done a lot more, done their due diligence to ensure protecting that information. Especially in the era that we're living in, digital information has to be safeguarded because you could sell anything, personal data, to anyone and make so much money, and affect the lives of many."
Dahab says the case is about negligence.
"The ultimate victim is the patients, not the hospital. It wasn't the hospital's information really that's been leaked and is out there. All of their information is already available, so it's the patients, actually patients and employees that are victimized, not the hospital itself."
The personal information of about 270,000 patients was published online after the hospitals refused to pay the ransom.
The hospitals will now have to file a statement of defence, and the case will then need to be certified by the courts.
-with files from CTV Windsor's Rich Garton