According to the lawsuit [PDF] filed this week, here’s how one of the patients, identified as “Jane Doe” found out about the data breach — and that LVHN had stored nude images of her on its network in the first place. On March 6, LVHN VP of Compliance Mary Ann LaRock, called Doe and told her that her nude photos had been posted on the hackers’ leak site. “Ms. LaRock offered plaintiff an apology, and with a chuckle, two years of credit monitoring,” the court documents say. In addition to swiping the very sensitive photos, the crooks also made off with everything needed for identity fraud.
According to the lawsuit, LaRock also told Doe that her physical and email addresses, along with date of birth, social security number, health insurance provider, medical diagnosis and treatment information, and lab results were also likely stolen in the breach. “Given that LVHN is and was storing the sensitive information of plaintiff and the class, including nude photographs of plaintiff receiving sensitive cancer treatment, LVHN knew or should have known of the serious risk and harm that could occur from a data breach,” the lawsuit says. It claims LVHN was negligent in its duty to safeguard patients’ sensitive information, and seeks class action status for everyone whose data was exposed with monetary damages to be determined. Pennsylvania attorney Patrick Howard, who is representing Doe and the rest of the plaintiffs in the proposed class action, said he expects the number of patients affected by the breach to be in the “hundreds, if not thousands.”
Read more of this story at Slashdot.
Go to Source of this post
Author Of this post: BeauHD