Fraud Management & Cybercrime , Healthcare , Industry Specific

Patient in Leaked Photos Drops Pursuit for Ransom Payment

'Jane Doe' Wanted Health System to Pay Ransom to Take Sensitive Photos Off Dark Web
Patient in Leaked Photos Drops Pursuit for Ransom Payment
The lead plaintiff in a lawsuit against Lehigh Valley Health Network has dropped her legal pursuit for the entity to pay a ransom to hackers who leaked sensitive patient photos. (Image: LHVN)

The lead plaintiff in a proposed class action lawsuit against Lehigh Valley Health Network dropped her push for a court order requiring the medical center to pay ransomware hackers in exchange for their pledge to remove from the dark web partially naked exam room photos stolen during a hacking incident.

See Also: Survey: State of Security Automation in Financial Services

The mid-April decision by cancer patient Jane Doe's legal team to drop their legal bid for an order came after the federal judge in the case pressed her attorney over whether the court has authority "to force a party to comply with an illegal act or pay an illegal ransom."

Lehigh Valley Health Network refused to pay a ransom in the aftermath of a February attack launched by affiliates of Russian-speaking ransomware-as-a-service group BlackCat - also known as Alphv. The group responded by posting onto its leak site exam photos of Jane Doe and another patient taken during stages of undress during breast cancer radiation treatments (see: BlackCat Leaking Patient Data and Photos Stolen in Attack).

Brian Nester, the CEO of Lehigh Valley Health Network, which operates 13 hospitals and numerous physician practices and clinics in eastern Pennsylvania, admitted on Feb. 22 that the entity had been hit with an attack by BlackCat (see: Pennsylvania Health System CEO Confirms BlackCat Attack).

Nester said the organization's initial analysis showed that the incident involved a computer system "used for clinically appropriate patient images for radiation oncology treatment and other sensitive information."

Worth a Try

Attorney Erik Weinick of the law firm Otterbourg, who is not involved in the Lehigh Valley Health Network case, says U.S. District Judge Malachy Mannion's questions to Jane Doe's attorneys about the authority of the court to order Lehigh Valley Health Network to pay "an illegal ransom" highlight the challenges presented by the relief sought by the plaintiff.

"Judge Mannion asked exactly the right question: 'What authority do I have to grant the relief you are requesting,' or conversely, 'How am I not expressly precluded from granting the relief you are requesting?'" Weinick told Information Security Media Group.

"Judge Mannion’s exact words more than infer the court's initial conclusion that the relief sought likely constitutes an illegal act," Weinick said, adding, "A court may not compel a party to perform an unlawful act."

Victims of other data breaches and similar leaks should not take the latest developments in the Leigh Valley Health Network legal case as a reason to not pursue remedies in their own post-cyberattack battles, Weinick said.

"It would be unfortunate if those working on behalf of cyber victims are discouraged from developing innovative and ameliorative solutions as a result of the 'scrubbed launch' here," he said.

Neither Lehigh Valley Health Network nor an attorney representing Jane Doe in her lawsuit against the entity immediately responded to Information Security Media Group's request for comment on the latest developments in the legal case.

About the Author

Marianne Kolbasuk McGee

Marianne Kolbasuk McGee

Executive Editor, HealthcareInfoSecurity, ISMG

McGee is executive editor of Information Security Media Group's media site. She has about 30 years of IT journalism experience, with a focus on healthcare information technology issues for more than 15 years. Before joining ISMG in 2012, she was a reporter at InformationWeek magazine and news site and played a lead role in the launch of InformationWeek's healthcare IT media site.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.