Lehigh Valley Health Network Settles for $65 Million Over Data Breach: Key Takeaways

Source.

Bethlehem, PA — Lehigh Valley Health Network (LVHN) has settled a class-action lawsuit for a staggering $65 million following a major data breach that compromised the personal information of around 134,000 patients.

Unprecedented Settlement

Patrick Howard, an attorney from Saltz Mongeluzzi Bendesky, noted that this settlement might be the largest of its kind in the U.S. based on the number of affected individuals. The class-action lawsuit was filed in March 2023, led by a plaintiff identified as “Jane Doe,” and targeted LVHN for its inadequate protection of patient data. The breach, which was publicly disclosed on February 22, 2023, exposed sensitive information including private photographs.

Breach Details and Response

The incident involved hackers leaking confidential patient details, including explicit images of cancer patients from Lehigh Valley Physician Group-Delta Medix, onto the dark web. The attack was linked to the BlackCat ransomware group, with alleged ties to Russia. LVHN discovered the malware on February 6, 2023, and initiated a thorough investigation with cybersecurity experts. LVHN opted not to pay the ransom demanded by the attackers, prioritizing the protection of patient, physician, and staff privacy.

Support Measures for Affected Parties

As part of the settlement, LVHN is offering a free 24-month subscription to Experian’s IdentityWorks service to those affected by the breach. The settlement ensures that compensation will be automatically distributed to affected individuals without requiring additional action on their part.

Compensation Distribution

The settlement includes a tiered compensation structure:

  1. Tier One: $7.15 million is allocated to all class members, with individual payments capped at $50.
  2. Tier Two: $1.3 million is designated for individuals whose sensitive medical or employment information was exposed online, with payments up to $1,000.
  3. Tier Three: $4.55 million is set aside for those whose non-explicit images were leaked, with compensation up to $7,500.
  4. Tier Four: $52 million is allocated for individuals whose explicit images were released, with payments ranging from $70,000 to $80,000.

What Comes Next

The settlement awaits court approval before payments can be issued. A hearing is scheduled for November 15, 2024, at 1 p.m. in the Lackawanna County Courthouse before Senior Judge Thomas A. James.

Affected individuals will receive detailed information about their compensation. They can also submit claims for out-of-pocket expenses up to $5,000 or choose to opt out of the settlement by October 21, 2024. Claims for expenses must be filed by November 3, 2024.

Ensuring Data Protection

This case highlights the critical importance of robust data security measures. Organizations, especially those involved in sensitive data handling such as product destruction services, should prioritize secure methods for disposing of confidential information. Effective shredding and other data destruction practices are vital to safeguarding client data and maintaining trust.

Get in Touch

If you require dependable and secure product destruction services, including document shredding, our team is ready to assist. Protect your sensitive information with our expert services.

Contact us today to learn more or to schedule a service.

Leave a Comment