Lehigh Valley Health Network (LVHN), a Pennsylvania-based hospital system, has reached a $65 million settlement in a class-action lawsuit following a devastating data breach. The breach, orchestrated by the Russian ransomware group BlackCat in early 2023, exposed sensitive personal data, including nude images of 600 cancer patients, to the dark web.
The lawsuit, filed in March 2023, was brought on behalf of more than 134,000 victims, whose personal information, including medical diagnoses, home addresses, and Social Security numbers, was compromised. Particularly distressing was the publication of intimate photos of cancer patients receiving treatment, many of which involved revealing images of their breasts or genitals. These images were posted online after LVHN refused to meet the hackers’ ransom demands.
Attorney Patrick Howard, representing the plaintiffs, announced the proposed settlement, which could be one of the largest U.S. class-action settlements based on the amount awarded per plaintiff. While all plaintiffs will receive at least $50, cancer patients whose nude images were published will be awarded $70,000 to $80,000 each. Additionally, patients whose diagnostic information was leaked will receive an extra $1,000 in compensation.
The attack targeted a Scranton-based cancer treatment facility recently acquired by LVHN. The cybercriminals managed to infiltrate the network of this particular physician’s practice, giving them access to the sensitive images and information. After gaining control of the data, BlackCat demanded a ransom that exceeded $5 million. LVHN chose not to pay the ransom, leading to the widespread dissemination of the data on the dark web.
In a statement issued on Thursday, LVHN confirmed that they had “tentatively resolved” the lawsuit, stressing that patient privacy remains a top priority. The health network acted quickly following the breach, engaging top cybersecurity experts and notifying law enforcement to address the incident. Despite these efforts, the damage had been done, with the sensitive information being publicly available without any restrictions or paywalls on the dark web.
The breach has raised serious concerns about cybersecurity measures in the healthcare sector, especially given the increasing sophistication of ransomware groups like BlackCat. With over 200 organizations targeted by BlackCat and other ransomware groups since its emergence, the healthcare industry remains a prime target for cybercriminals. LVHN’s case has drawn significant attention due to the sensitive nature of the data involved and the substantial compensation awarded to victims.
Howard, the plaintiffs’ lawyer, noted the hospital system’s willingness to make amends, praising LVHN for agreeing to the settlement. “At the end of the day, they recognized that they needed to make right by these people,” Howard said. The hospital network has since taken steps to improve its cybersecurity defenses to prevent future incidents.
This settlement comes as LVHN recently announced its merger with the Philadelphia-area health network Jefferson, further expanding its reach in the healthcare sector. The incident has served as a stark reminder of the importance of robust data protection measures in a world where healthcare providers are increasingly targeted by cybercriminals.
Sponsored • TRJ Ads
Inquiries: contact@therealistjuggernaut.com
Thank you for sharing your perspective, Sheila! After 35 years in IT, I’m sure you’ve seen more than your share of challenges in this area as well. As AI technology advances, it’s going to get much worse, unfortunately. It seems these days, these bad actors stay ahead for some reason. Thanks again for your input, and I hope you’re enjoying your well-deserved retirement! 😎
Ditto what Anthony said. I retired last December from 35 years in IT, most of my last years spent as a Technical Writer. Few things make me furious, but this kind of crime definitely is high on my list. The freaking nerve of these criminals!!! Grrrr
Wow these data breaches just keep getting worse and worse.
You’re absolutely right! It seems like every week there’s another major breach, and it’s alarming how much personal information is being compromised. It feels like the tech is advancing faster than the solutions to defend against it. We’re in a whole new era of cyber threats, and it’s crucial to stay one step ahead. Thanks for your comment, Anthony! I hope you have a great day. 😎
Thank you and thank you for sharing. I’ve worked in information technology since 1996. I’ve seen lots of changes and at this point now I’m doing tech writing cause it’s more lucrative and pays very well and I’ve done a lot of it in technology anyway but yes, security has really really changed.
Thank you very much for your insightful comment! I can imagine you’ve seen the entire landscape shift dramatically over the years, just as I did. Things are definitely not the same. It’s interesting how tech writing has evolved into such a lucrative field these days. I agree—security has truly undergone significant changes, and it’s become more crucial than ever. Thanks again for sharing your experience. I hope you have a great night, Anthony! 😎
You too John 😀