web analytics

$2.25M Settlement Reached in Atlantic General Hack Lawsuit – Source: www.databreachtoday.com

$225m-settlement-reached-in-atlantic-general-hack-lawsuit-–-source:-wwwdatabreachtoday.com
Rate this post

Source: www.databreachtoday.com – Author: 1

Fraud Management & Cybercrime
,
Healthcare
,
Industry Specific

Nearly 137,000 People Affected in 2023 Ransomware Attack on Maryland-Based Hospital

Marianne Kolbasuk McGee (HealthInfoSec) •
August 21, 2024    

$2.25M Settlement Reached in Atlantic General Hack Lawsuit
Berlin, Maryland-based Atlantic General Hospital has agreed to pay $2.25 million to settle a proposed class action lawsuit stemming from a 2023 ransomware attack. (Image: AGH)

A ransomware attack against Atlantic General Hospital that affected the personal information of 137,000 individuals in 2023 has led to a $2.25 million preliminary settlement of a consolidated proposed federal class action lawsuit.

See Also: Enterprise Browser Supporting Healthcare, Cyber Resilience

Berlin, Maryland-based not-for-profit Atlantic General Hospital is part of Atlantic General Health System, which also includes 40 family physicians, internists and specialists with offices in 17 locations throughout Maryland, Virginia and Delaware.

The amended consolidated lawsuit complaint filed in a Maryland federal court in August 2023 alleges that the plaintiff and class members face increased risk of identity theft and fraud crimes from the data breach because of Atlantic General’s “negligent, reckless, intentional and/or unconscionable failure to adequately satisfy its contractual, statutory and common-law obligations.”

The lawsuit sought statutory and punitive damages, as well as injunctive relief ordering Atlantic General to improve its data security practices (see: Victim Count in Maryland Ransomware Breach Jumps Fivefold).

Under the proposed settlement, class members may submit valid claims to receive up to $5,000 for reimbursement of documented losses incurred as a result of the data breach.

That includes bank fees, credit report or monitoring fees, long-distance phone charges, cellphone charges if charged by the minute, and miscellaneous qualified expenses subject to explanation, such as postage, notary, fax, copying, mileage and gasoline for local travel.

As an alternative, settlement class members may instead submit a valid claim for a cash award. The amount of that cash award depends on the total of remaining net settlement funds after payments of all other claim types.

Each settlement class member who submits a valid claim also may elect to receive three years of credit and identity monitoring services.

The proposed settlement does not appear to require Atlantic General Hospital to make any specific data security improvements. But the document does state that Atlantic General made – or is making – “changes and improvements … to further protect settlement class members’ private Information.”

Settlement class attorneys are seeking one-third of the settlement fund, or $750,000.

A final fairness court hearing for the proposed settlement is set for Sept. 5. The court granted preliminary approval of the settlement in late April.

As part of the agreement, Atlantic General denies any wrongdoing and “all of the claims and contentions alleged against it in the litigation,” the settlement document says.

Atlantic General Hospital did not immediately respond to Information Security Media Group’s request for comment on the proposed settlement and for additional details about the hacking breach.

The settlement of the Atlantic General Hospital lawsuit “explains the nature of health data breach class actions and their sudden, significant impact on the healthcare industry,” said regulatory attorney Paul Hales of Hales Law Group, which is not involved in the case.

Plaintiff attorneys are arguably “the most fearsome enforcers of health privacy laws,” he said.

“Prosecuting and defending a class action requires substantial legal skill,” according to Hales.

The expenses involved with these legal cases can quickly pile up. But the money involved goes beyond the sums paid to persons harmed by wrongful disclosure of their sensitive personal information, he said. “It is measured by legal and reputational costs saved by defendants and legal fees earned by plaintiffs’ lawyers.”

Breach Details

In its breach notice, Atlantic General said that on Jan. 29 it discovered that files on certain systems had been encrypted.

In the days following that discovery, Atlantic General temporarily closed its outpatient imaging services, walk-in lab services and pharmacy as it recovered from the incident (see: Cyberattack Wave on Healthcare Reaches Florida and Maryland).

Atlantic General said its forensics investigation determined that unauthorized access to certain servers began on Jan. 20, 2023. The healthcare firm said it took steps to secure its systems upon discovery of the intrusion.

On March 24, 2023, Atlantic General sent notification of the data breach to 30,407 individuals. But on May 15, 2023, further investigation determined that the total number of affected individuals was 136,981. Atlantic General subsequently notified the additional individuals about the breach.

Among the information subject to unauthorized access was each individual’s name, Social Security number, driver’s license number, financial account information, birthdate, medical record number, treating/referring physician, health insurance information, subscriber number, medical history information and diagnosis/treatment information, the hospital said.

Original Post url: https://www.databreachtoday.com/225m-settlement-reached-in-atlantic-general-hack-lawsuit-a-26105

Category & Tags: –

Views: 1

LinkedIn
Twitter
Facebook
WhatsApp
Email

advisor pick´S post

Nathalie Cole
How Much 10 Companies Paid Their Virtual CISO Service in 2022 Benchmark by Nathaniel Cole
How Much 10 Companies Paid...
Tushar Subhra Dutta
Top 10 Cyber Attack Maps to See Digital Threats 2022 by Tushar Subhra Dutta – Cyber Security News.
Top 10 Cyber Attack Maps...
Microsoft
Microsoft Zero Trust Maturity Model
Microsoft Zero Trust Maturity Model
US Deparment of Defense
DevSecOps Fundamentals Guidebook – Tools & Activities by American Deparment of Defense
DevSecOps Fundamentals Guidebook – Tools...
Microsoft
Microsoft 365 and the NIST Cybersecurity Framework
Microsoft 365 and the NIST...
ACSC Australia
Cyber Incident Response Plan Template by ACSC & Australian Goverment
Cyber Incident Response Plan Template...
Marcos Jaimovich
The Silent Spectre Haunting Your Network: QPhishing, the CISO’s Unspoken Nightmare.
The Silent Spectre Haunting Your...
Marcos Jaimovich
Goodbye to Traditional: Why Conventional Cybersecurity Tools are No Longer Sufficient for the Future of Digital Threats ?
Goodbye to Traditional: Why Conventional...
Marcos Jaimovich
Why do we compare a SOC (Security Operations Center) with the cockpit of a commercial airplane? by Marcos Jaimovich
Why do we compare a...
Joas Antonio
Security Operations Center (SOC) – Tools for Operations Development by Joas Antonio
Security Operations Center (SOC) –...
IZZMIER
Incident Response Playbooks & Workflows Ready for use in your SOC & Redteams
Incident Response Playbooks & Workflows...
LOGPOINT
396 Use Cases & Siem Rules Code ready for use for Mitre Attacks Events Detection in Your SOC by Logpoint
396 Use Cases & Siem...

LASTEST PUBLISHED POSTS

LogRhythm
A Guide to User and Entity Behavior Analytics (UEBA)
A Guide to User and...
BONI YEAMIN
100 Offensive Linux Security Tools
100 Offensive Linux Security Tools
SentinelOne
90 DAYS A CISO’S JOURNEY TO IMPACT
90 DAYS A CISO’S JOURNEY...
ChiefExecutive
Ciberseguridad: Prioridad Estratégica para los CEO.
Ciberseguridad: Prioridad Estratégica para los...
CYBER SECURITY COALITION
CYBER SECURITY INCIDENT MANAGEMENT GUIDE
CYBER SECURITY INCIDENT MANAGEMENT GUIDE
INL/EXT
Cybersecurity for Distributed Wind
Cybersecurity for Distributed Wind
ARTIC WOLF
Cybersecurity Compliance Guide
Cybersecurity Compliance Guide
ESRAA MOHAMAD
ELEARN SECURITY CERTIFIED INCIDENT RESPONSE
ELEARN SECURITY CERTIFIED INCIDENT RESPONSE
DRAGOS
Impact of FrostyGoop ICS Malware on Connected OT Systems
Impact of FrostyGoop ICS Malware...
Victor Tong
Digital Operational Resilience Act – Control Mappings
Digital Operational Resilience Act –...
ARMIS
DORA Resiliency Guide Strengthening Cybersecurity and Operational Resilience in the Financial Sector
DORA Resiliency Guide Strengthening Cybersecurity...
IGNITE Technologies
Docker Penetration Testing
Docker Penetration Testing

More Latest Published Posts

Apress
Cyber Security on Azure An IT Professional’s Guide to Microsoft Azure Security
Cyber Security on Azure An IT Professional’s Guide to Microsoft Azure Security
CyberJA
ASSET IDENTIFICATION & CLASSIFICATION-A CRITICAL COMPONENT OF CYBER RISK MANAGEMENT
ASSET IDENTIFICATION & CLASSIFICATION-A CRITICAL COMPONENT OF CYBER RISK MANAGEMENT
SOSAFE
CybercrimeTrends 2024 The latest threats and security best practices
CybercrimeTrends 2024 The latest threats and security best practices
Routledge
Cyber Security Politics Socio-Technological Transformations and Political Fragmentation
Cyber Security Politics Socio-Technological Transformations and Political Fragmentation
Hidaia Mahmood Alassouli
Common Windows, Linux and Web Server SystemsHacking Techniques
Common Windows, Linux and Web Server SystemsHacking Techniques
Cigref
Surviving a Massive cyber-attack by Cigref
Surviving a Massive cyber-attack by Cigref
Splunk
SPLUNK® AND THE CIS CRITICALSECURITY CONTROLS Mapping Splunk Software to the CIS 20 CSC Version 6.0
SPLUNK® AND THE CIS CRITICALSECURITY CONTROLS Mapping Splunk Software to the CIS 20 CSC Version 6.0
SOC SIEM Use Cases
SOC SIEM Use Cases
safecode
Six Pillars of DevSecOps- Collaboration and Integration
Six Pillars of DevSecOps- Collaboration and Integration
SentineOne
WatchTower I ntelligence-Driven Threat Hunting
WatchTower I ntelligence-Driven Threat Hunting
CNIL
Security of Personal Data
Security of Personal Data
OPSWAP
Securing ICS SCADA updates OT Environments
Securing ICS SCADA updates OT Environments
Top 300 Azure Sentinel Used Cases KQL (Kusto Query Language) queries
Top 300 Azure Sentinel Used Cases KQL (Kusto Query Language) queries
WITH SECURE
Threat Landscape Update Report
Threat Landscape Update Report
ThreatRadar
Threat Intel Roundup
Threat Intel Roundup
ThreatRadar
Threat Intel Roundup
Threat Intel Roundup
ThreatRadar
Threat Intel Roundup
Threat Intel Roundup
Mihaela Curcă
The Role of Cyber Espionage inInternational Relations
The Role of Cyber Espionage inInternational Relations
GLOBAL NETWORK OF DIRECTOR INSTITUTES
THE FUTURE OF BOARD GOVERNANCE
THE FUTURE OF BOARD GOVERNANCE
Deloitte
The CISO’s Guide to Generative AI
The CISO’s Guide to Generative AI
Capgemini
PROMPT THE FUTURE
PROMPT THE FUTURE
Google
We’re All in this Together
We’re All in this Together
CyberSN
U.S. Cybersecurity Job Posting Data Report
U.S. Cybersecurity Job Posting Data Report
CISA | Cybersecurity and Infrastructure Security Agency
UNDERSTANDING AND RESPONDING TO DISTRIBUTED DENIAL-OF-SERVICE ATTACKS
UNDERSTANDING AND RESPONDING TO DISTRIBUTED DENIAL-OF-SERVICE ATTACKS
McKinsey & Company
Transforming risk efficiency and effectiveness
Transforming risk efficiency and effectiveness
Arnold Antoo
Zero Trust Security Model
Zero Trust Security Model
Richea Perry
Your Cybersecurity Toolkit
Your Cybersecurity Toolkit
IGNITE Technologies
Wireless Penetration Testing
Wireless Penetration Testing