Berlin, Md.-based Atlantic General Hospital agreed to pay a $2.25 million settlement to resolve a data breach lawsuit stemming from a January 2023 ransomware attack against the system, according to The HIPAA Journal.
The hackers gained access to Atlantic General's IT system for nine days before encrypting the files. Patient services were disrupted for several days after the files were encrypted and an investigation found nearly 137,000 patients were affected.
Several lawsuits were consolidated into a class action suit in the U.S. District Court for the District of Maryland, according to the report. Plaintiffs alleged Atlantic General was "negligent" and "reckless" in failing to protect patient information because sensitive data wasn't encrypted on its network, and the hackers went undetected for multiple days.
The health system plans to create a $2.25 million fund to cover legal expenses and attorney fees, and class members can submit a claim for $5,000 or less to reimburse for documented losses.