Liberty Hospital experienced a data breach on December 19, 2023, when an unauthorized threat actor accessed its computer network, exposing sensitive patient information. The compromised data included names, addresses, dates of birth, medical records (diagnoses, treatment details), Social Security numbers, health insurance information, email addresses, and telephone numbers. The breach led to a $1.5 million class-action settlement, offering affected individuals up to $500 for documented losses (e.g., identity theft, credit monitoring, fraud-related expenses) or an estimated $150 cash payment (pro rata adjusted). The incident highlights risks to patient privacy, financial fraud, and reputational damage, with potential long-term consequences for trust in the hospital’s data security. The settlement fund covers legal fees, administrative costs, and compensation for victims, with payouts distributed via PayPal, Venmo, Zelle, prepaid cards, or checks. The breach underscores vulnerabilities in healthcare cybersecurity, particularly in safeguarding personally identifiable information (PII) and protected health information (PHI).
Source: https://www.claimdepot.com/settlements/liberty-hospital-data-incident-settlement
Liberty Hospital cybersecurity rating report: https://www.rankiteo.com/company/liberty-hospital
"id": "LIB2720227112425",
"linkid": "liberty-hospital",
"type": "Breach",
"date": "12/2023",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Patients and others with '
'exposed private information '
'(exact number unspecified)',
'industry': 'Healthcare',
'name': 'Liberty Hospital',
'type': 'Healthcare Provider'}],
'customer_advisories': 'Eligible individuals can claim up to $500 for '
'documented losses or $150 cash payment; claims must '
'be submitted by Jan. 12, 2026',
'data_breach': {'data_exfiltration': 'Potential (unauthorized access by third '
'parties)',
'personally_identifiable_information': True,
'sensitivity_of_data': 'High (includes SSNs, medical records, '
'and health insurance information)',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Protected Health Information '
'(PHI)']},
'date_detected': '2023-12-19',
'description': 'Liberty Hospital agreed to pay $1.5 million to settle a class '
'action lawsuit alleging an unauthorized threat actor accessed '
'its computer network on or about Dec. 19, 2023, potentially '
'exposing sensitive information of patients and others. '
'Individuals whose private information may have been exposed '
'could be eligible to claim up to $500 for documented losses '
'or an estimated $150 cash payment from the settlement.',
'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
'exposure of sensitive patient data',
'data_compromised': ['Names',
'Addresses',
'Date of birth',
'Medical records',
'Medical treatment information',
'Diagnoses',
'Social Security numbers',
'Telephone numbers',
'Health insurance information',
'Email addresses'],
'financial_loss': '$1.5 million (settlement fund)',
'identity_theft_risk': 'High (due to exposure of SSNs, medical '
'records, and PII)',
'legal_liabilities': '$1.5 million class action settlement',
'systems_affected': ['Computer network']},
'investigation_status': 'Settled via class action lawsuit (final approval '
'hearing on Jan. 20, 2026)',
'references': [{'source': 'Liberty Hospital Data Incident Settlement Official '
'Website'}],
'regulatory_compliance': {'legal_actions': 'Class action lawsuit settled for '
'$1.5 million'},
'response': {'communication_strategy': 'Class action settlement notifications '
'sent to affected individuals'},
'stakeholder_advisories': 'Settlement notices sent to affected individuals',
'threat_actor': 'Unauthorized threat actor',
'title': 'Liberty Hospital $1.5 Million Data Breach Settlement',
'type': 'Data Breach'}