COLUMBIA, Mo. - A legal effort seeking compensation from MU Health Care is growing, after the provider announced that employee email accounts were improperly accessed.
Attorneys from two firms filed a class-action lawsuit against the university last week shortly after the breach was announced by MU Health Care. Forty people have signed onto the lawsuit, according to one of the attorneys behind the effort, A. W. Smith.
An “unauthorized individual” had access to the email accounts of two employees in late April, according to an MU Health Care statement. The email accounts may have contained a variety of medical and private data belonging to about 14,400 patients. The social security numbers of a smaller number of patients may have been implicated as well, according to the statement.
Jesslyn Chew, an MU Health Care spokeswoman, said a third party forensic firm worked with the company to investigate the scope of the breach, and found “no indication” that the affected information was ever viewed or misused.
“We worked diligently to investigate the incident and ensure it was fully contained,” Chew told ABC 17 News in an email on Monday.
Smith said he is skeptical of the university’s claim that none of the information was misused, and that victims of the breach will be at risk of identity theft and other crimes for years to come.
“(MU Health Care is) telling people their information was breached, but they’re also saying it wasn’t viewed. That doesn’t make any sense at all,” Smith said.
The lawsuit asks a judge to compensate those affected by the breach and to mandate that MU Health Care upgrade its security measures.
“Medical information is especially valuable to identity thieves,” the lawsuit’s petition reads. “There is an active and robust market for this information.”
Chew did not speak on the lawsuit, saying MU Health Care does not comment on pending litigation.