Record $65m Settlement for Hacked Patient Photos

Summary: A landmark case involving a data breach at Lehigh Valley Health Network (LVHN) has been settled for $65 million, affecting nearly 135,000 patients and employees. The breach exposed sensitive medical records and personal information, including nude photos of patients, leading to the largest settlement of its kind in a healthcare data breach case.

Threat Actor: Unknown
Victim: Lehigh Valley Health Network

Key Points:

  • The data breach exposed sensitive information of 600 patients, including medical records and personally identifiable information (PII).
  • The settlement amount of $65 million is a record for a hacking-related court case, with individual payments ranging from $50 to $70,000.
  • The case highlighted severe privacy violations, including unauthorized nude photographs of cancer patients being stored and stolen.
  • A final fairness hearing is scheduled for November 15 to approve the settlement terms.

A case involving a medical record hack affecting hundreds of patients and employees at a Pennsylvania healthcare company has been settled for a record-breaking $65m.

Filed in March 2023, the case involved nearly 135,000 patients and employees of Lehigh Valley Health Network (LVHN), an independent healthcare network based in Pennsylvania.

The plaintiffs, represented by class-action attorneys at Saltz Mongeluzzi Bendesky, sued LVHN after the company suffered a data breach that exposed 600 patients’ and employees’ medical records and personally identifiable information (PII).

Rogue Patient Nude Photos Exposed

The data exposed included addresses, email addresses, dates of birth, Social Security numbers and passport information, various medical data as well as nude photos.

“Cancer patients receiving treatment were photographed in the nude – often unbeknownst to the patients themselves – and those images were stored on LVHN’s network. Those images were subsequently stolen by the hackers as part of the data breach,” read the initial case filing.

The settlement is believed to be the largest of its kind, on a per-patient basis, in a healthcare data breach-ransomware case.

Record-High Settlement for a Hacking-Related Court Case

On September 11, 2024, Saltz Mongeluzzi Bendesky announced it had reached a settlement with LVHN, now owned by Jefferson Health, for a compensation fee of $65m – a record for a hacking-related court case.

Each settlement class member will receive payments ranging from $50 to $70,000 – those receiving the maximum had their hacked nude photos published online.

The Lackawanna County Court of Common Pleas, which oversaw the case, has scheduled a final fairness hearing on November 15 to determine if the settlement should receive final approval.

Source: https://www.infosecurity-magazine.com/news/record-settlement-hacked-patient