A federal judge has ruled that parts of a class-action lawsuit against St. Louis-based Ascension over a ransomware attack in 2024 can move forward, while other claims will be dismissed. The lawsuit, filed in May 2024 by former patients, accuses the nonprofit health system of failing to protect sensitive personal and medical information exposed in the breach. Plaintiffs say hackers accessed data including Social Security numbers, medical records, and financial account information.

In a Sept. 23 order obtained by Becker’s, the U.S. District Court for the Eastern District of Missouri said plaintiffs had shown enough evidence to pursue negligence and negligence per se claims, finding that the patient-provider relationship created a duty for Ascension to safeguard health data. The judge also a

See Full Page