Hospital Authority prepares for settlement following 100K data breach

The Hospital Authority, which does business as Memorial Hospital & Manor, will have their final settlement approval hearing on January 1st. 

What happened

In late 2024, Memorial Hospital & Manor, located in Bainbridge, George, faced a data breach that resulted in protected health information (PHI) being accessed by a third party. According to their initial notice, released to the public on February 10th, 2025, the incident took place on November 2nd, 2024, when Memorial became aware of unusual activity. 

Following an investigation, Memorial determined that the following information had been involved: patient names, Social Security numbers, date of birth, health insurance information, and medical treatment information. The incident ultimately impacted approximately 100,000 individuals. The ransomware group Embargo claimed responsibility for the attack and allegedly posted 1.15 terabytes of data. 

What’s new

Since the incident, several plaintiffs have been engaged in legal action against the hospital

On July 2nd, 2025, the two parties engaged in a mediation process, which, following some additional negotiations, helped finalize the settlement agreement. The settlement class includes 105,170 members. The final approval hearing is scheduled for January 20th, 2026. Individuals with documented losses may be able to receive up to $5,000.

The big picture

Litigation is common following data breaches and past reports have found that breaches “almost always trigger downstream litigation.” The data breach at Solara Medical Supplies’ further shows “how regularly enforcement is escalating, putting organizations at greater financial risk.” 

Outside of the costs of a settlement or litigation, ransomware attacks can have other costs–like if the organization decides to pay the ransom or has to pay for de-encryption services. Ransomware attacks are on the rise, with a 265% surge. Ransomware groups can emerge and disappear quickly, often utilizing various softwares that can make them difficult to predict or prevent. Nevertheless, organizations have an obligation to do everything they can to prevent these attacks, which can be a direct threat to patient safety. By using encrypted email services, like Paubox, organizations can prevent attacks through email from being successful. 

FAQs

Who is the Embargo ransomware group?

Embargo is believed to be a new variant of the BlackCat ransom group based on the technology used. While Embargo is a relatively new group, it’s estimated that they have already extorted approximately $34 million from companies in the United States, with healthcare organizations being their top target. It’s believed to have emerged in June, 2024. 

What is the total settlement fund? 

Court documents don’t show what the total settlement fund is, but we know that class members may claim up to $5,000 in documented losses and there may be up to 105,170 class members.  Additional costs may also go towards administrative and court fees.