Lamoille Health Partners Suffers Ransomware Attack, Settles Class Action Lawsuit

Lamoille Health Partners, a healthcare services provider operating in the Lamoille Valley, has been the target of a ransomware attack that resulted in the exposure of sensitive patient data. The attack occurred in June 2022, and the company discovered the breach on June 13. The incident led to a class action lawsuit, which Lamoille Health Partners settled for $540,000.

The ransomware attack impacted 59,381 individuals, and the compromised data included names, addresses, Social Security numbers, health insurance information, birth dates, and medical treatment information. Despite the attack, Lamoille Health Partners did not have to pay any ransom to regain access to their system.

Lamoille Health Partners is a health program system that provides services to Lamoille County. The company operates various healthcare facilities, including Lamoille Health Family Medicine, Pediatrics, Family Dentistry, and Behavioral Health and Wellness in Morrisville; Lamoille Health Family Medicine and Pharmacy of Stowe; and Lamoille Health Family Medicine in Cambridge.

The settlement agreement requires individuals to submit a valid claim form by June 20, 2024, to receive settlement benefits. The final approval hearing for the settlement is scheduled for September 30, 2024.

The incident highlights the importance of robust cybersecurity measures in the healthcare sector, where sensitive patient data is a valuable target for threat actors. Despite the company's efforts to restore their systems from backups and investigate the incident, the attackers were able to access and potentially acquire certain documents from the organization's systems.

Lamoille Health Partners has not admitted wrongdoing but agreed to the settlement to resolve the class action lawsuit. The company's vulnerabilities in being targeted by threat actors are not explicitly stated in the available information, but the incident underscores the need for healthcare organizations to prioritize cybersecurity to protect patient data and prevent similar attacks in the future.

Sources

• Lamoille Health Partners | Healthcare Services in the Lamoille Valley
• HIPAA Vault - HIPAA Web Hosting & Cloud Solutions on LinkedIn
• Lamoille Health Partners to pay $540,000 Following Ransomware Attack
• Ransomware Attack at Lamoille Health Partners Impacts 59K
• Lamoille Health Partners Settles Class Action Data Breach Lawsuit for $540,000