Liberty Hospital reaches preliminary settlement after 2023 data breach

A Missouri hospital has secured initial court approval to resolve litigation tied to a cyber incident that exposed patient information.

What happened

New Liberty Hospital Corporation has received preliminary court approval for a settlement resolving class action claims linked to a December 2023 cyberattack. Court filings show that attackers accessed the hospital’s network and claimed to have downloaded sensitive data, prompting notifications to more than 264,000 individuals in early 2024. The exposed information included patient identifiers and clinical details, which triggered multiple lawsuits that were later consolidated in the Missouri state court.

Going deeper

The incident was identified after Liberty Hospital detected suspicious activity and received a ransom note from the attacker. A forensic investigation confirmed that protected health information (PHI) had been accessed and may have been obtained. Plaintiffs alleged that the hospital failed to implement adequate safeguards and that delays and deficiencies in security practices increased the scope of exposure. Liberty Hospital denied the allegations and stated that it maintained appropriate defenses but chose to pursue a settlement to avoid the cost and disruption of prolonged litigation. As part of the resolution, the hospital also committed to making security improvements separate from the settlement fund.

What was said

In court submissions, Liberty Hospital maintained that the settlement does not represent an admission of wrongdoing. The hospital argued that continuing litigation would divert resources from patient care and operations. Plaintiffs contended that the breach created risks of identity theft and misuse of medical information and that affected individuals were entitled to relief. The court granted preliminary approval, allowing notice to class members and setting the stage for a final review following the claims and objection period.

The big picture

Healthcare organizations continue to face sustained pressure from cyber incidents that expose large volumes of patient data and lead to legal action. Data from the U.S. Department of Health and Human Services breach reporting portal shows that hacking and IT incidents remain the leading cause of large healthcare breaches, with millions of individuals affected each year. These trends have contributed to an increase in negotiated resolutions as providers weigh litigation risk against operational impact.

FAQs

What types of data are commonly involved in hospital cyber incidents?

They often include patient identifiers, contact information, insurance details, and elements of the medical record stored in clinical or administrative systems.

Does a settlement mean the hospital admitted fault?

No. Settlements typically resolve claims without an admission of liability and are often pursued to limit cost and uncertainty.

Why do healthcare breaches frequently lead to class action lawsuits?

Large patient populations, regulatory notification requirements, and the sensitivity of health data increase legal exposure after a breach.

What part do courts play after preliminary approval?

Courts review whether the settlement is fair and reasonable, oversee notice to affected individuals, and hold a final hearing before approval.

How can hospitals reduce future breach risk?

They can strengthen access controls, monitor networks continuously, limit data exposure, and reinforce workforce training around security practices.