Data Security, Privacy, Governance, Risk and Compliance, Ransomware

Lehigh Valley Health Network to settle breach class-action for $65M

Credit: Adobe Stock Images

Major Pennsylvanian primary care group Lehigh Valley Health Network has agreed to pay a record $65 million settlement to resolve a class-action lawsuit alleging its failure to adequately protect sensitive health data from 134,000 patients, which were leaked following an ALPHV/BlackCat ransomware attack in February 2023, The Register reports.

ALPHV/BlackCat's separate leaks of information stolen from LVNH, including nude photographs of cancer patients that were unknowingly captured in some instances, following the organization's refusal to pay the demanded ransom also constituted a violation of the Health Insurance Portability and Accountability Act, according to the lawsuit. "While LVHN is publicly patting itself on the back for standing up to these hackers and refusing to meet their ransom demands, they are consciously and intentionally ignoring the real victims. Rather than act in their patients' best interest, LVHN put its own financial considerations first," said the lawsuit. Despite denying any wrongdoing in its response to the ransomware intrusion, LVNH will be providing patients whose data had been compromised between $50 and $80,000 depending on the type of exposed information.

An In-Depth Guide to Ransomware

Get essential knowledge and practical strategies to protect your organization from ransomware attacks.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds