430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Lehigh Valley Health Network hospital network has agreed to a $65 million settlement after data breach

Lehigh Valley Health Network ’s (LVHN) hospital network has agreed to a $65 million settlement in a class action lawsuit related to a data breach. Lehigh Valley Health Network (LVHN) is a large hospital and healthcare system based in Pennsylvania, USA. It operates numerous hospitals, health centers, and outpatient facilities across the region, including the […]

Signature Healthcare

Lehigh Valley Health Network ’s (LVHN) hospital network has agreed to a $65 million settlement in a class action lawsuit related to a data breach.

Lehigh Valley Health Network (LVHN) is a large hospital and healthcare system based in Pennsylvania, USA. It operates numerous hospitals, health centers, and outpatient facilities across the region, including the Lehigh Valley area. The network also includes a children’s hospital, rehabilitation centers, and partnerships with academic institutions to support medical education and research.

Lehigh Valley Health Network (LVHN) has agreed to a $65 million settlement in a class action lawsuit related to a data breach that resulted in the publication of images of 600 nude cancer patients.

The healthcare network was the target a BlackCat ransomware attack, the security breach was discovered on February 6. The company immediately launched an investigation to determine the cause and scope of the incident. The investigation determined that the breach occurred on January 8, 2023.

In a data breach notification published on its website, the company reported that affected information varied by individual but potentially included some combination of the following data elements:  names, addresses, phone numbers, medical record number, treatment and diagnosis information, including Current Procedural Terminology (CPT) codes, and health insurance information.  It also added that “the information for a limited number of individuals included clinical images of patients during treatment.”

The investigation revealed that the ransomware gang had access to the personal data of at least 134,000 individuals, including cancer patients. LVHN refused to pay a ransom and the crooks published the nude images and other sensitive data on their dark web leak site.

In March 2023, a lawsuit was filed. Now Plaintiffs’ lawyer Patrick Howard of the law firm Saltz, Mongeluzzi, & Bendesky announced a proposed $65 million settlement in the lawsuit related to the Lehigh Valley Health Network data breach.

“A record $65 million settlement has been reached between class-action attorneys at Saltz Mongeluzzi Bendesky and Lehigh Valley Health Network (LVHN) in a case filed in March, 2023, on behalf of nearly 135,000 patients and employees of the health system, more than 600 of whom had their personal medical-record photos hacked and posted on the internet, according to the Firm.” reported the law firm.

“The settlement in J. Doe v. Lehigh Valley Health Network, Lackawanna County Court of Common Pleas, No. 23-CV-1149, is believed to be the largest of its kind, on a per-patient basis, in a healthcare data breach-ransomware case.”

Individuals notified as part of the settlement class do not need to take any action to receive compensation. Each patient who participated to the class action will receive payments ranging from $50 to $70,000, with the highest amounts going to those whose hacked nude photos were published online.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, data breach)