A case involving a medical record hack affecting hundreds of patients and employees at a Pennsylvania healthcare company has been settled for a record-breaking $65m.
Filed in March 2023, the case involved nearly 135,000 patients and employees of Lehigh Valley Health Network (LVHN), an independent healthcare network based in Pennsylvania.
The plaintiffs, represented by class-action attorneys at Saltz Mongeluzzi Bendesky, sued LVHN after the company suffered a data breach that exposed 600 patients' and employees' medical records and personally identifiable information (PII).
Rogue Patient Nude Photos Exposed
The data exposed included addresses, email addresses, dates of birth, Social Security numbers and passport information, various medical data as well as nude photos.
“Cancer patients receiving treatment were photographed in the nude – often unbeknownst to the patients themselves – and those images were stored on LVHN’s network. Those images were subsequently stolen by the hackers as part of the data breach,” read the initial case filing.
It is believed to be the largest of its kind, on a per-patient basis, in a healthcare data breach-ransomware case.
Record-High Settlement for a Hacking-Related Court Case
On September 11, 2024, Saltz Mongeluzzi Bendesky announced it had reached a settlement with LVHN, now owned by Jefferson Health, for a compensation fee of $65m – a record for a hacking-related court case.
Each settlement class member will receive payments ranging from $50 to $70,000 – those receiving the maximum had their hacked nude photos published online.
The Lackawanna County Court of Common Pleas, which oversaw the case, has scheduled a final fairness hearing on November 15 to determine if the settlement should receive final approval.