September 12, 2024 at 05:42AM
LVHN settled a $65 million class-action suit over a 2023 data breach, likely the largest in healthcare. Hackers accessed patient data and stole personal info, including nude photos. The settlement, pending final approval, may compensate affected individuals from $50 to $70,000, with those whose photos were leaked receiving the highest amount.
From the meeting notes, the key takeaways for the Pennsylvania healthcare provider Lehigh Valley Health Network (LVHN) and the class-action lawsuit settlement are as follows:
1. LVHN reached a $65 million settlement in a class-action suit filed over a 2023 data breach, likely the largest settlement ever in a healthcare data breach-ransomware case.
2. The data breach involved the theft of personal information, including names, addresses, phone numbers, medical and treatment information, and more. Additionally, the ransomware group stole clinical images of patients during treatment for a limited number of individuals.
3. LVHN failed to explicitly disclose that nude photos of patients were also stolen from its systems, which were later published by the BlackCat ransomware gang.
4. The settlement includes compensation for every individual who received a notification letter from LVHN, with payments ranging from $50 to $70,000. The maximum amount will be paid to those who had their nude photos leaked.
5. A fairness hearing for the settlement’s final approval is set for November 15, 2024. Every individual who received a notification letter from LVHN is considered part of the lawsuit and should receive compensation without having to take any action.