Lehigh Valley Health Network to pay $65M after nudes of patients leaked online
After a ransomware attack at Lehigh Valley Health Network (LVHN), nude photos of hundreds of patients ended up online. Now, more than a year later, the health system is set to pay out $65 million in a class-action settlement.
The lawsuit against LVHN was brought by 135,000 patients, all of whom had their medical records exposed to hackers—and some of those records contained photos of patients without clothing.
The settlement was announced on Wednesday afternoon, and it marks the largest lawsuit of its kind, “on a per-patient basis, in a healthcare data breach-ransomware case,” lawyers from Saltz Mongeluzzi Bendesky, representing the plaintiffs, said in a statement.
According to the attorneys, more than 600 patients had their photos posted online, and many of the nude images were of cancer patients undergoing treatment. Those individuals will each receive $70,000 in compensation from the settlement fund, Saltz Mongeluzzi Bendesky confirmed.
Nudes held for ransom by BlackCat
The medical records were taken during a February 2023 breach of LVHN’s systems by the infamous BlackCat ransomware gang, responsible for multiple large-scale healthcare data breaches in the U.S, including the Change Healthcare hack. LVHN refused to pay a ransom and cave to BlackCat’s demands, resulting in the leak of sensitive patient data.
An initial lawsuit was filed by a single “Jane Doe” victim a month later, wherein lawyers from Saltz Mongeluzzi Bendes argued that LVHN’s refusal to pay the ransom was a “reckless and willful decision” made without consideration for patients, who trusted the health system to protect their privacy.
LVHN, a nonprofit health system of 13 hospitals and 28 medical centers that serve Pennsylvania, does not admit to wrongdoing. HealthExec has reached out for comment and will update this story with any statement we receive.
The settlement is expected to be approved by courts on Nov. 15. Anyone set to receive a payout have already been notified and does not need to take any further action, Saltz Mongeluzzi Bendesky said.
Chad is an award-winning writer and editor with over 15 years of experience working in media. He has a decade-long professional background in healthcare, working as a writer and in public relations.