When hackers obtained nude photos of patients from a Pennsylvania hospital system, hospital officials refused to pay a ransom in excess of $5 million to get them back. Now, however the Lehigh Valley Health Network must pay $65 million in a settlement to patients whose images were published on the dark web, reports the Record. The breach, discovered in early 2023, allowed hackers to obtain images (not all of them nude) and personal data on more than 130,000 patients. Generally speaking, the FBI doesn't recommend paying ransoms demanded by hackers in security breaches, notes the Washington Post.
The lead plaintiff is a female cancer patient in her 50s who was informed by a Lehigh exec in a phone call that images of her nude body had been stolen. She is expected to receive $125,000 as the lead plaintiff. Others will receive lesser amounts depending on the nature of the info exposed about them. The plaintiffs' attorney, Patrick Howard, was able to obtain the pilfered images online for use in his lawsuit. "The hacker had just made it publicly available—it wasn't subject to any sort of paywall or negotiation to get at," he tells the Record. "It was just right there." (More hackers stories.)