Pa. health system agrees to $65 million settlement after hackers leaked nude photos of cancer patients | CNN Business

Mon Sep 23 21:19:54 UTC 2024: ## Pennsylvania Health System to Pay $65 Million in Settlement for Nude Photo Leak

Lehigh Valley Health Network, a major health system in Pennsylvania, has agreed to pay a record-breaking $65 million to settle a lawsuit filed by cancer patients whose nude photos were leaked online following a ransomware attack in February 2023. This settlement, the largest of its kind in terms of per-patient compensation for cyberattack victims, is a stark warning to other healthcare providers about the vulnerability of sensitive patient data.

The settlement, which is awaiting judicial approval, designates 80% of the funds for victims whose nude photos were published online. The lawsuit, filed on behalf of several victims, accused Lehigh Valley Health Network of negligence and causing “embarrassment and humiliation” to the plaintiffs.

“This settlement shifts the legal, insurance, and adversarial ecosystem,” said Carter Groome, CEO of cybersecurity firm First Health Advisory. “It underscores that sensitive patient data, like images, require an extra layer of protection.”

The ransomware attack targeted the network supporting a single physician practice in Lackawanna County, but the leaked photos exposed the vulnerability of healthcare systems to cyberattacks.

This incident highlights the growing threat of ransomware attacks against healthcare providers, which can disrupt patient care and cost hospitals millions of dollars. Experts warn that these attacks are becoming more sophisticated and targeted, specifically seeking out sensitive patient data to extort payments.

While Lehigh Valley Health Network claims to have strengthened its defenses, the settlement serves as a reminder that healthcare organizations must prioritize patient privacy and invest in robust cybersecurity measures to protect against future breaches.

The Biden administration has pledged to introduce mandatory cybersecurity requirements for US hospitals, hoping to improve defenses against these attacks. However, the high cost of settlements, combined with the potential for bankruptcy in the face of similar attacks, creates a financial burden on healthcare providers that could further strain the already stretched system.

Read More