Virtual Event Now Live: Zero Trust Strategies Summit! - Login for Access
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Breaches

Healthcare Provider to Pay $65M Settlement Following Ransomware Attack

Lehigh Valley Health Network has agreed to pay a $65 million settlement in a class-action suit filed over a 2023 data breach.

Pennsylvania healthcare provider Lehigh Valley Health Network (LVHN) has reached a $65 million settlement in a class-action suit filed over a 2023 data breach.

LVHN disclosed the incident in late February 2023, revealing that the attackers had access to its network beginning early January, that ransomware was deployed in early February, and that data was stolen from its network, mainly impacting Lehigh Valley Physician Group (LVPG) – Delta Medix.

The healthcare provider started notifying the potentially affected individuals in mid-March and confirmed in July that the Alphv/BlackCat ransomware gang was responsible for the incident.

The hackers had stolen personal information such as names, addresses, phone numbers, medical and treatment information, and health insurance information. For some individuals, email addresses, driver’s license numbers, Social Security numbers, and banking information was also compromised.

Furthermore, LVHN revealed, the ransomware group stole “clinical images of patients during treatment” for a limited number of individuals.

The organization provided the affected individuals with two years of identity protection and credit monitoring services. Over 130,000 patients and employees were potentially affected by the data breach.

What LVHN did not explicitly say in its incident notice was that nude photos of patients were also stolen from its systems. In March 2023, the BlackCat ransomware gang published some of the stolen information on its Tor-based leak site, including such photos.

The class-action lawsuit was filed against LVHN in March 2023, alleging that the healthcare provider failed to protect patient data.

Advertisement. Scroll to continue reading.

On September 11, 2024, the law firm Saltz Mongeluzzi Bendesky announced reaching a $65 million settlement with LVHN over the class-action lawsuit, noting that it is likely the largest settlement ever in a healthcare data breach-ransomware case.

A fairness hearing for the settlement’s final approval has been set for November 15, 2024.

Every individual who received a notification letter from LVHN is considered part of the lawsuit and should receive compensation, without having to take any action.

Should the settlement be approved, every class member will receive a payment ranging from $50 to $70,000. Only those who had their nude photos leaked will receive the maximum amount.

Related: Clearview AI Fined $33.7 Million by Dutch Data Protection Watchdog Over ‘Illegal Database’ of Faces

Related: Verkada Settles With FTC Over Poor Security Practices That Led to Camera Hacking

Related: Google to Pay Indiana $20 Million to Resolve Privacy Suit

Related: Anthem to Pay Nearly $40M Settlement Over 2015 Cyberattack

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join SecurityWeek and Hitachi Vantara for this this webinar to gain valuable insights and actionable steps to enhance your organization's data security and resilience.

Register

Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

People on the Move

Threat intelligence firm Intel 471 has appointed Mark Huebeler as its COO and CFO.

Omkhar Arasaratnam, former GM at OpenSSF, is LinkedIn's first Distinguised Security Engineer

Defense contractor Nightwing has appointed Tricia Fitzmaurice as Chief Growth Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.