A Washington hospital has filed a lawsuit against Bank of America to recover some of its losses from a $1 million cyber-breach in 2013.
According to the suit, the hackers transferred a total of $1.03 million in three separate transactions from Chelen County Hospital over two days in April 2013. The bank is accused of approving the final transfer of $603,575 despite a call from the hospital's treasury team to stop the pending transaction.
Bank of America subsequently recovered $400,000 of the missing funds, leaving the hospital nursing a $600,000 loss.
The hospital is alleging that the bank breached Nacha rules on best practice in ACH guidelines, by failing to implement a risk management programme and set an agreed exposure limit.
The bank is contesting the suit, arguing that it acted within the parameters of the Uniform Commercial Code governing payments transactions in US states.