A US healthcare provider, Norton Healthcare Inc., is settling a class-action lawsuit following a significant cybersecurity incident. The breach, which occurred in May 2023, exposed sensitive personal identifying information of patients and former patients.
Norton Healthcare has agreed to establish an $11 million settlement fund. Under the terms of the settlement, eligible individuals will be reimbursed up to $2,500 for out-of-pocket losses incurred due to the data leak.
The lawsuit alleged that Norton Healthcare failed to implement adequate security measures and did not promptly notify victims of the breach. The company is accused of not adhering to industry standards for data security and failing to properly train employees on cybersecurity protocols, which ultimately led to the data exposure.