TRENDING:

Fraud Management & Cybercrime , Healthcare , Industry Specific

Patient in Leaked Photos Drops Pursuit for Ransom Payment

'Jane Doe' Wanted Health System to Pay Ransom to Take Sensitive Photos Off Dark Web Marianne Kolbasuk McGee (HealthInfoSec) • May 2, 2023    
Patient in Leaked Photos Drops Pursuit for Ransom Payment
The lead plaintiff in a lawsuit against Lehigh Valley Health Network has dropped her legal pursuit for the entity to pay a ransom to hackers who leaked sensitive patient photos. (Image: LHVN)

The lead plaintiff in a proposed class action lawsuit against Lehigh Valley Health Network dropped her push for a court order requiring the medical center to pay ransomware hackers in exchange for their pledge to remove from the dark web partially naked exam room photos stolen during a hacking incident.

See Also: Securing Healthcare Against Ransomware Post-COVID-19

The mid-April decision by cancer patient Jane Doe's legal team to drop their legal bid for an order came after the federal judge in the case pressed her attorney over whether the court has authority "to force a party to comply with an illegal act or pay an illegal ransom."

Lehigh Valley Health Network refused to pay a ransom in the aftermath of a February attack launched by affiliates of Russian-speaking ransomware-as-a-service group BlackCat - also known as Alphv. The group responded by posting onto its leak site exam photos of Jane Doe and another patient taken during stages of undress during breast cancer radiation treatments (see: BlackCat Leaking Patient Data and Photos Stolen in Attack).

Brian Nester, the CEO of Lehigh Valley Health Network, which operates 13 hospitals and numerous physician practices and clinics in eastern Pennsylvania, admitted on Feb. 22 that the entity had been hit with an attack by BlackCat (see: Pennsylvania Health System CEO Confirms BlackCat Attack).

Nester said the organization's initial analysis showed that the incident involved a computer system "used for clinically appropriate patient images for radiation oncology treatment and other sensitive information."

Worth a Try

Attorney Erik Weinick of the law firm Otterbourg, who is not involved in the Lehigh Valley Health Network case, says U.S. District Judge Malachy Mannion's questions to Jane Doe's attorneys about the authority of the court to order Lehigh Valley Health Network to pay "an illegal ransom" highlight the challenges presented by the relief sought by the plaintiff.

"Judge Mannion asked exactly the right question: 'What authority do I have to grant the relief you are requesting,' or conversely, 'How am I not expressly precluded from granting the relief you are requesting?'" Weinick told Information Security Media Group.

"Judge Mannion’s exact words more than infer the court's initial conclusion that the relief sought likely constitutes an illegal act," Weinick said, adding, "A court may not compel a party to perform an unlawful act."

Victims of other data breaches and similar leaks should not take the latest developments in the Leigh Valley Health Network legal case as a reason to not pursue remedies in their own post-cyberattack battles, Weinick said.

"It would be unfortunate if those working on behalf of cyber victims are discouraged from developing innovative and ameliorative solutions as a result of the 'scrubbed launch' here," he said.

Neither Lehigh Valley Health Network nor an attorney representing Jane Doe in her lawsuit against the entity immediately responded to Information Security Media Group's request for comment on the latest developments in the legal case.

Previous
Taking a More Quantifiable Security Risk Approach
Next
Insider Threat: Organizations Must Focus on Risk

About the Author

Marianne Kolbasuk McGee

Marianne Kolbasuk McGee

Executive Editor, HealthcareInfoSecurity, ISMG

McGee is executive editor of Information Security Media Group's HealthcareInfoSecurity.com media site. She has about 30 years of IT journalism experience, with a focus on healthcare information technology issues for more than 15 years. Before joining ISMG in 2012, she was a reporter at InformationWeek magazine and news site and played a lead role in the launch of InformationWeek's healthcare IT media site.



Around the Network

Medical Device Cyberthreat Modeling: Top Considerations
Medical Device Cyberthreat Modeling: Top Considerations
Identity Security and How to Reduce Risk During M&A
Identity Security and How to Reduce Risk During M&A
Evolving Threats Facing Robotic and Other Medical Gear
Evolving Threats Facing Robotic and Other Medical Gear
Transforming a Cyber Program in the Aftermath of an Attack
Transforming a Cyber Program in the Aftermath of an Attack
Properly Vetting AI Before It's Deployed in Healthcare
Properly Vetting AI Before It's Deployed in Healthcare
How 'Security by Default' Boosts Health Sector Cybersecurity
How 'Security by Default' Boosts Health Sector Cybersecurity
Safeguarding Critical OT and IoT Gear Used in Healthcare
Safeguarding Critical OT and IoT Gear Used in Healthcare
Is It Generative AI's Fault, or Do We Blame Human Beings?
Is It Generative AI's Fault, or Do We Blame Human Beings?
Protecting Medical Devices Against Future Cyberthreats
Protecting Medical Devices Against Future Cyberthreats
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
How the NIST CSF 2.0 Can Help Healthcare Sector Firms

Continue »

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing ransomware.databreachtoday.com, you agree to our use of cookies.