Hospital Sues Bank of America To Recoup Losses From Cyberattack
March 6, 2015 in News
A public hospital in Washington has filed a lawsuit against Bank of America seeking to recoup some of the losses incurred from a $1.03 million cyberattack on the organization in 2013, Krebs on Security reports.
Background on Cyberattack
In April 2013, hackers accessed the payroll accounts of Chelan County Hospital No. 1, adding to the payroll account nearly 100 “money mules” — or unwitting accomplices — who were paid to receive and send the money to the hackers. On April 19, 2013, and April 20, 2013, the thieves processed three unauthorized payroll payments that siphoned about $1 million from the hospital. Bank of America was able to return about $400,000 to the hospital.
In its lawsuit, Chelan Country alleges that an official with the Chelan County Treasurer’s Office informed the bank that a suspicious transfer for April 22, 2013, totaling $603,575 was not authorized.
The lawsuit states, “No funds had been transferred at the time of the phone call. Theresa Pinneo, an employee in the Chelan County Treasurer’s Office, responded immediately that the $603,575.00 transfer request was not authorized. Nonetheless, Bank of America processed the $603,575.00 transfer request and transferred the funds as directed by the hackers.”
The hospital alleges a breach of contract, arguing that the agreement between the bank and county incorporated regulations of the National Automated Clearinghouse Association that required the bank to implement a risk management program for all automated clearing house payments.
Bank of America has denied the allegations in the lawsuit and said it did not ignore a warning about a fraudulent payment (Krebs on Security, 3/3).