What you need to know

The recent ransomware attack on Lehigh Valley Health Network has lead to patient information and photos being posted online and a class action lawsuit against the network.

The February attack by ransomware operator BlackCat was made on the network of a single physician practice in Lackawanna County but resulted in a massive amount of patient data getting leaked. LVHN has made clear it is not going to pay the ransom even after hackers leaked patient photos to the dark web. However, in the class action lawsuit filed Monday by Saltz Mongeluzzi & Bendesky on behalf of patients whose photos were posted online, the plaintiffs accuse LVHN of putting profits over patients and failing to do what was necessary to stop the hack from occurring in the first place.

Here is what you need to know about the hack, the data that was leaked and what to do if you’re a victim:

What data was leaked?

About 132 gigabytes of patient data and photos were leaked as part of the hack. Ransomware hackers have been known to encrypt data they steal, preventing the victims of the hack from accessing it or essential systems until the ransom is pai,d but that does not appear to have happened in this case.

A spokesperson for LVHN said they could not share exact details about what data was leaked. However, the network is working with cybersecurity firms and experts to analyze the scope of the data and analyze the content involved.

However, the class action lawsuit filed by a patient referred to as Jane Due states that besides photos, she was told by a network representative that her address, email address, date of birth, Social Security number, health insurance provider, medical diagnosis and treatment information, medications, and lab results we also possibly part of the leak.