Lehigh Valley Health Network to pay $65M after nudes of patients leaked online

After a ransomware attack at Lehigh Valley Health Network (LVHN), nude photos of hundreds of patients ended up online. Now, more than a year later, the health system is set to pay out $65 million in a class-action settlement. 

The lawsuit against LVHN was brought by 135,000 patients, all of whom had their medical records exposed to hackers—and some of those records contained photos of patients without clothing.

The settlement was announced on Wednesday afternoon, and it marks the largest lawsuit of its kind, “on a per-patient basis, in a healthcare data breach-ransomware case,” lawyers from Saltz Mongeluzzi Bendesky, representing the plaintiffs, said in a statement

According to the attorneys, more than 600 patients had their photos posted online, and many of the nude images were of cancer patients undergoing treatment. Those individuals will each receive $70,000 in compensation from the settlement fund, Saltz Mongeluzzi Bendesky confirmed. 

Nudes held for ransom by BlackCat

The medical records were taken during a February 2023 breach of LVHN’s systems by the infamous BlackCat ransomware gang, responsible for multiple large-scale healthcare data breaches in the U.S, including the Change Healthcare hack. LVHN refused to pay a ransom and cave to BlackCat’s demands, resulting in the leak of sensitive patient data. 

An initial lawsuit was filed by a single “Jane Doe” victim a month later, wherein lawyers from Saltz Mongeluzzi Bendes argued that LVHN’s refusal to pay the ransom was a “reckless and willful decision” made without consideration for patients, who trusted the health system to protect their privacy.

LVHN, a nonprofit health system of 13 hospitals and 28 medical centers that serve Pennsylvania, does not admit to wrongdoing. HealthExec has reached out for comment and will update this story with any statement we receive. 

The settlement is expected to be approved by courts on Nov. 15. Anyone set to receive a payout have already been notified and does not need to take any further action, Saltz Mongeluzzi Bendesky said. 

Chad Van Alstin Health Imaging Health Exec

Chad is an award-winning writer and editor with over 15 years of experience working in media. He has a decade-long professional background in healthcare, working as a writer and in public relations.

Around the web

When drugs are on the FDA’s shortage list, outsourcing facilities can produce their own compounded versions. When the FDA removed tirzepatide from that list with no warning, it created a considerable amount of chaos both behind the scenes and in pharmacies all over the country. 

If passed, this bill would help clinician-led clinical registries explore Medicare data for research purposes. The Society of Thoracic Surgeons and American College of Cardiology both shared public support for the bipartisan legislation. 

Cardiologists and other physicians may soon need to provide much more information when ordering remote patient monitoring for Medicare patients.

Trimed Popup
Trimed Popup