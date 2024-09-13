Bethlehem, PA — Lehigh Valley Health Network (LVHN) has recently agreed to a substantial $65 million settlement in a class-action lawsuit concerning a significant breach of patient data. This settlement involves approximately 134,000 individuals whose medical records were compromised.

Historic Settlement

Patrick Howard, an attorney from Saltz Mongeluzzi Bendesky, highlighted that this could be the largest per capita data breach settlement in U.S. history. The lawsuit, filed in March 2023 by a plaintiff under the pseudonym “Jane Doe,” alleged that LVHN failed to secure patient data effectively. This breach was publicly announced on February 22, 2023.

Details of the Breach

The breach involved hackers posting sensitive patient information, including explicit images of cancer patients undergoing treatment at Lehigh Valley Physician Group-Delta Medix. This incident was attributed to the ransomware group BlackCat, which is reportedly linked to Russia.

LVHN discovered the ransomware on February 6, 2023, and responded by initiating an extensive investigation with top cybersecurity experts. The network chose not to meet the ransom demands from BlackCat, emphasizing the protection of patient, physician, and staff privacy as top priorities.

Support for Affected Individuals

LVHN is providing affected individuals with a free 24-month subscription to Experian’s IdentityWorks service to aid in monitoring and protecting their identities. The settlement ensures that affected individuals will receive compensation automatically without needing to take further action.

Settlement Breakdown

The settlement, finalized on August 20, includes four tiers of compensation:

Tier One: Allocates $7.15 million to all settlement class members, with payments capped at $50 per person. Tier Two: Designates $1.3 million for those whose sensitive medical or employment data appeared on the dark web, with a maximum payment of $1,000. Tier Three: Provides $4.55 million for individuals whose non-nude images were posted, with payments up to $7,500. Tier Four: Allocates $52 million to individuals whose nude images were exposed, with compensation ranging between $70,000 and $80,000.

Next Steps

The settlement must receive court approval before payments can be disbursed. A hearing is scheduled for November 15, 2024, at 1 p.m. in Lackawanna County Courthouse before Senior Judge Thomas A. James.

Class members will be contacted with further details on their compensation. Those affected can also file claims for out-of-pocket losses up to $5,000 or opt out of the settlement by October 21, 2024. Claims for losses must be submitted by November 3, 2024.

The Importance of Secure Data Handling

In light of this significant breach, businesses like these always need stringent data protection practices. Ensuring the secure destruction of sensitive information, whether through shredding or other methods, can prevent similar breaches and protect clients reputation.

Moreover, businesses should implement comprehensive data handling policies that include regular employee training on cybersecurity best practices, access control measures, and the encryption of sensitive data. By establishing a robust data governance framework, companies can ensure that only authorized personnel have access to confidential information and that data is securely managed throughout its lifecycle. Proactively addressing these security measures not only safeguards client data but also enhances customer trust and reinforces the company’s commitment to data protection, ultimately reducing the risk of reputational damage from potential breaches.

