Capital Health, a health care provider with multiple locations in New Jersey and Pennsylvania, will pay $4.5 million as part of a settlement over a 2023 data breach that compromised the private information of patients, former patients and employees.
In a statement, the company said the stolen information included names, addresses, Social Security numbers, dates of birth, email addresses, telephone numbers and potentially clinical information.
Anyone whose private information was potentially compromised because of the data breach may be entitled to a cash payment of up to $5,000, according to a notice of settlement.
In addition, members of the settlement may be eligible to receive three years of free credit monitoring. Claims must be submitted online or mailed by April 6.
The payments will be distributed after the settlement is approved by the court and becomes final.
The settlement agreement is not an admission of wrongdoing. Capital Health expressly denies any fault or liability related to the data incident.
In November 2023, Capital Health experienced a computer network outage due to a cyberattack.
The company subsequently launched an investigation which revealed that “a cybercriminal organization” may have accessed files on the company’s network.
On Jan. 7, 2024, the international ransomware group LockBit claimed responsibility for the attack, stating that it stole over 10 million files from Capital Health, according to the settlement document.
The group threatened to publicly release the private data on Jan. 9, 2024, unless Capital Health paid a ransom, according to the settlement.
It’s unclear how much they demanded and whether Capital Health paid up.
A company spokesman said Tuesday that “at this time we will not be commenting on the lawsuit/data breach settlement.”
Capital Health operates two hospitals — Regional Medical Center in Trenton and Capital Health Medical Center in Hopewell — an outpatient facility in Hamilton, and a network of doctors’ offices, according to its website.