LifeBridge Health hasn’t admitted any wrongdoing, but agreed to the settlement resolving allegations that it failed to protect patient information, as well as allegations suggesting that it could have prevented the data breach with reasonable cybersecurity measures.
The breach compromised information such as patient names, dates of birth, Social Security numbers and more.
Under the settlement, affected patients can receive reimbursement for lost time and other ordinary and extraordinary losses resulting from the data breach.
LifeBridge Health also agreed to invest $7.9 million to make cybersecurity improvements, which include encryption of sensitive data, tracking software for biomedical devices, network monitoring, regular maintenance, annual security training, enhanced account security, two-factor authentication and more.
