New Liberty Hospital; New York Blood Center; Memorial Blood Centers Settle Data Breach Lawsuits
New Liberty Hospital in Missouri, Memorial Blood Centers in Minnesota, and the New York Blood Center have settled class action lawsuits over cyberattacks that exposed patient data.
New Liberty Hospital Corporation
A $1,500,000 settlement has received preliminary approval from the court to resolve a class action lawsuit against Liberty Hospital in Missouri over a 2023 data breach involving the protected health information of 264,541 individuals. Liberty Hospital experienced a cyberattack on or around December 19, 2023. While it is unclear if data was encrypted in the attack, a ransom note was received, and the attacker claimed to have downloaded sensitive data from its network. The investigation confirmed that protected health information had been accessed and potentially obtained in the attack, including names, addresses, email addresses, telephone numbers, dates of birth, medical records, medical treatment information, diagnoses, Social Security numbers, and health insurance information. The affected individuals were notified on or around February 8, 2024.
The first class action lawsuit over the data breach was filed on January 17, 2024, following Liberty Hospital’s cyberattack announcement. A further lawsuit was filed on February 28, 2024, and the two class action complaints were consolidated into a single action – C.P. et al. v. New Liberty Hospital Corporation – in the District Court of Clay County, Missouri. The consolidated class action lawsuit asserted claims of negligence, negligence per se, invasion of privacy—public disclosure of private facts, breach of a fiduciary duty of confidentiality, breach of implied contract, breach of the implied covenant of good faith and fair dealing, unjust enrichment, violations of the Missouri Merchandising Practices Act, and negligent training and supervision. Liberty Hospital denies all liability and wrongdoing, and believes it has good defenses to all claims alleged in the lawsuit; however, a settlement was viewed as the best outcome to avoid the litigation costs and expenses, distraction, burden, and disruption to business operations from further litigation.
Liberty Hospital has agreed to establish a $1,500,000 settlement fund to cover attorneys’ fees and expenses, settlement administration costs, and service awards for the class representatives. After deducting those costs, the remainder of the settlement fund will be used to pay benefits for the class members. In addition, Liberty Hospital has agreed to invest more than $1,000,000 in cybersecurity enhancements. Class members may submit a claim for reimbursement of documented, unreimbursed losses resulting from the data breach up to a maximum of $500 per class member. Alternatively, a claim may be submitted for a cash payment, estimated to be $150 per class member. The cash payments may be higher or lower depending on the number of valid claims received. The deadline for submitting a claim, opting out, and objecting to the settlement is January 12, 2026. The final approval hearing has been scheduled for January 20, 2026.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
New York Blood Center & Memorial Blood Centers
New York Blood Center & Memorial Blood Centers have agreed to pay $500,000 to resolve a class action lawsuit over a January 2025 cyberattack and data breach. Hackers gained access to names, dates of birth, gender, blood type, certain blood test results, financial information for direct deposits, Social Security numbers, driver’s license numbers, and other government identification card numbers. The data breach affected 18,487 current or former living employees and 175,335 living donors.
Multiple lawsuits were filed in response to the data breach, which were consolidated into a single complaint – Dean, et al. v. New York Blood Center, Inc., et al – in Ramsey County District Court, Minnesota. The consolidated lawsuit alleged negligence for failing to implement reasonable and appropriate security measures to protect sensitive data from unauthorized access. The defendants deny all liability and wrongdoing, but agreed to settle the lawsuit to avoid the cost and risks associated with continuing with the litigation.
Attorneys’ fees (up to $166,666.66), attorneys’ expenses (up to $20,000), and service awards ($2,500 per class representative) will be deducted from the settlement fund, and the remainder will be used to pay for benefits for the class members. Class members may submit a claim for reimbursement of documented, unreimbursed losses up to a maximum of $2,500 per class member. Alternatively, a claim may be submitted for a cash payment, estimated to be $20 per class member. The cash payments may increase or decrease depending on the number of valid claims received. All class members are also entitled to claim a one-year membership to a medical data monitoring service, which includes a $1 million identity theft insurance policy. The deadline for objection to and opting out of the settlement is January 12, 2026. Claims must be submitted by February 11, 2026, and the final approval hearing is scheduled for February 10, 2026.
