Jane Doe vs. Lehigh Valley Health Network, Inc.

Case Background

On June 26, 2023, Plaintiff Jane Doe filed a personal injury lawsuit in the Lackawanna County Court of Common Pleas (Case number: 23-CV-1149). Judge Malachy E. Mannion presided over the case.

Cause

On February 6, 2023, Lehigh Valley Health Network (LVHN), a major healthcare provider in eastern Pennsylvania, suffered a significant data breach. This breach was perpetrated by the notorious cybercriminal group ALPHV, also known as BlackCat, known for targeting healthcare and academic institutions. LVHN detected unauthorized activity on its IT systems and promptly launched an investigation. The hackers gained unauthorized access to LVHN's computer network, compromising a vast amount of sensitive patient information. This included personally identifiable information (PII) and protected health information (PHI) such as:

• Addresses
• Email addresses
• Dates of birth
• Social Security numbers
• Passport information
• Driver's license numbers / State ID numbers
• Health insurance provider details
• Medical diagnoses and treatment information
• Medications
• Lab results

Most alarmingly, the hackers obtained nude photographs of cancer patients receiving radiation treatment. These images were taken as part of the patients' medical care, often without their explicit knowledge. After accessing this sensitive data, the hackers demanded a ransom from LVHN, threatening to release the nude images publicly if their demands were not met. LVHN decided not to pay the ransom, resulting in the hackers posting the sensitive images on the internet, where they may remain indefinitely. LVHN serves thousands of individuals annually, maintaining a massive repository of sensitive information. This made them a particularly lucrative target for data thieves aiming to misuse or sel