[ad_1]
A group of nurses in Oregon is suing one of the largest hospital operators in the U.S., alleging they were underpaid after a ransomware attack in October last year.
Chicago-based CommonSpirit Health hasn’t paid nurses their full wages at its Mercy Medical Center in Roseburg, Ore., and St. Anthony Hospital in Pendleton, Ore., after October, according to a suit filed March 15 in Oregon county court. Some employees still haven’t been paid for the accurate number of hours they worked and paid time off is being calculated incorrectly, the filing said.
Larae Ernst, an emergency room nurse at Mercy Medical, said CommonSpirit claims it overpaid her because a cyberattack in October led to an outage in its timekeeping system. CommonSpirit paid Ms. Ernst lower-than-usual wages in December, apparently to recoup the higher payments, she said. The shortfall forced her to cancel her daughter’s sweet 16 party, losing deposits from two vendors, Ms. Ernst said. The forfeitures were probably “enough that I could have bought groceries for a week,” she said.
CommonSpirit, in the aftermath of the October cyberattack, shut down some technology systems at many of its hospitals across the country, including patient and operational systems.
The nonprofit chain runs more than 140 hospitals and 2,000 healthcare facilities in 21 states.
Payments to around 2,000 nurses and other staff members at the two Oregon hospitals were affected by the cyberattack, said Richard Myers, an attorney from law firm Bennett Hartman Attorneys at Law LLP who represents the nurses. If the court certifies the suit as a class action, those employees will receive notice and a chance to opt out of the lawsuit.
The suit seeks $1.5 million, including $200,000 in unpaid wages, $500,000 in late payment penalties and $800,000 in damages.
A spokesman for CommonSpirit declined to comment on the lawsuit. “We want to reiterate our commitment to ensuring all employees are paid accurately. We are grateful to our employees for their commitment and for their efforts in continuing to provide high quality patient care throughout this situation,” he said.
The nurses’ lawsuit adds to the fallout from the cyberattack. CommonSpirit said last week that personal information for more than 623,000 individuals was exposed during the incident, including Social Security numbers and diagnoses. Patients have filed several lawsuits over the data breach. The cyberattack has so far cost CommonSpirit $150 million in lost revenue, business interruption and other expenses, the company said in a regulatory filing in February.
Payroll problems have followed cyberattacks at other companies. A cyberattack on UKG Inc.’s Kronos timekeeping system in late 2021 affected payment services at many of its customers. Ascension Health Alliance in St. Louis, Mo., and one of its hospitals last year agreed to pay $19.7 million to settle disputes over employee wages following the Kronos incident. At
Honda Motor Co.
’s U.S. subsidiary, also a Kronos client, four employees sued the auto maker last year for allegedly failing to properly track their hours and pay them appropriately. Honda has denied the allegations. The case is continuing.
After a cyberattack, companies need to reassure employees about what happened, even if they don’t know all the details, said Ian Carleton Schaefer, a partner at law firm Loeb & Loeb LLP and chair of its New York labor and employment practice. Doing so is vital when compensation is affected, he said. Mr. Schaefer said he isn’t involved in the nurses’ case.
“Cybersecurity and data security is an employment issue,” he said. “When it really comes down to hitting people in their wallets and their livelihoods, understanding what is going to be done, and when, is really important.”
For CommonSpirit’s nurses, the focus of the lawsuit isn’t the technology outage itself, but the chain’s actions afterward that resulted in staff receiving reduced wages, Mr. Myers of Bennett Hartman said.
Ms. Ernst said CommonSpirit told her she owes around $3,200 in overpaid wages and the company hasn’t provided any record of her hours to substantiate its claim. Ms. Ernst’s paystubs started to show the correct number of working hours again in December, several weeks after the ransomware incident, she said.
CommonSpirit met several times with the Oregon Nurses Association but has rejected the union’s request to allow an independent audit of staff payments since the cyberattack, said Kevin Mealy, the union’s communications manager. The union has asked CommonSpirit to correct inaccurate payments to nurses in several cases, but the updated payments have often been wrong, Mr. Mealy said. “It becomes harder and harder to untangle it the further we go,” he said.
Write to Catherine Stupp at catherine.stupp@wsj.com
Copyright ©2022 Dow Jones & Company, Inc. All Rights Reserved. 87990cbe856818d5eddac44c7b1cdeb8
[ad_2]
Source link