Maryland hospital settles ransomware lawsuit for $2.25M
A not-for-profit Maryland-based hospital has agreed to pay $2.25 million to settle a class-action lawsuit brought by victims of a January 2023 data breach. That breach exposed 30,000 patient records to hackers.
Atlanta General Hospital’s systems were hit by the ransomware attack last year, exposing names, Social Security numbers, health insurance information and medical record details. A lawsuit filed after the breach alleged the hack was made possible because Atlanta General failed to properly invest in cybersecurity. In the lawsuit, plaintiffs referred to the attack as “eminently avoidable.”
“It is clear that Atlanta General failed to take sufficient and reasonable measures to safeguard its data security systems and protect highly sensitive data in order to prevent the data breach from occurring; to disclose to its patients, and the public at large, that it lacked appropriate data systems and security practices to secure private Information; and to timely detect and provide adequate notice of the data breach to affected individuals,” court documents read.
The plaintiffs argued Atlanta General’s negligence put them at risk for identity theft. Plaintiffs also argued they suffered damages, including loss of privacy, incurred expenses to resolve privacy concerns and lost time.
Atlanta General does not admit to any wrongdoing but did agree to pay the settlement, which is currently not being distributed, allowing impacted patients to potentially collect up to $5,000 as recompense. Additionally, all victims are being given up to three years of credit monitoring services.
For more information on the settlement, click here.
Chad is an award-winning writer and editor with over 15 years of experience working in media. He has a decade-long professional background in healthcare, working as a writer and in public relations.