Critical access hospital Morrison Community Hospital in Illinois has decided to settle a lawsuit for $675,000. The lawsuit was associated with a ransomware attack and data breach in 2023.
The BlackCat/ALPHV ransomware group behind the cyberattack on September 24, 2023, accessed the Morrison Community Hospital network, exfiltrated sensitive data, and used ransomware for file encryption. The hospital did not pay the ransom so the BlackCat/ALPHV group exposed the stolen information on its data leak website. The HHS Office for Civil Rights received a data breach report on November 23, 2023, indicating that the protected health information (PHI) of 122,488 present and past patients was affected. The compromised information contained names, addresses, birth dates, medical data, and Social Security numbers. If HIPAA encryption had been implemented, the data breach would have been avoided.
Impacted patients filed a lawsuit against the hospital (re: Morrison Community Hospital Data Breach Litigation) in the Circuit Court for the 14th Judicial District in Whiteside County, Illinois. The plaintiffs alleged that the hospital implemented inadequate cybersecurity measures. This negligence consequently enabled a hacker to access its system and steal sensitive patient information.
Morrison Community Hospital did not admit to any wrongdoing, argued the plaintiffs’ claims, and rejected any legal responsibility. Nevertheless, the hospital decided to negotiate the lawsuit to avert additional legal expenses and the uncertainty of trial. As per the conditions of the settlement, class members could file claims for around $5,000 to get compensation for documented losses as a result of the incident. Claims may include credit fees, bank charges, travel expenditures, and losses caused by identity theft and fraud.
Instead of submitting a claim for losses, class members may opt to get a cash payment, which is going to be paid pro rata after deducting claims payment, attorney’s fees, legal costs, and plaintiff awards. Claims should be filed on or before February 5, 2025. The schedule of the final approval hearing is February 28, 2025.
Image credit: logo©Morrison Community Hospital / DC Studio, AdobeStock
