A West Virginia hospital has agreed to resolve litigation from a 2024 ransomware attack that exposed nearly 27,000 patient records.
Weirton Medical Center experienced a ransomware attack between January 14 and January 18, 2024, during which hackers stole and encrypted sensitive data. The exposed information included names, dates of birth, Social Security numbers, health insurance details, and treatment records. Affected patients were notified in March 2024, and the breach was reported to federal regulators as impacting 26,793 individuals.
Four separate lawsuits were filed in response, which were later consolidated into a single case. Plaintiffs alleged negligence, breach of contract, breach of fiduciary duty, and other claims. Although Weirton denied liability, the case moved forward until mediation reached a settlement agreement.
The consolidated case, In re Weirton Medical Center Data Breach Litigation, survived a motion to dismiss before both sides agreed to mediation. Following a full day of discussions, the parties reached an agreement resolving all claims without an admission of wrongdoing.
Under the settlement terms, class members can choose between two compensation options:
In addition, class members will receive one year of three-bureau credit monitoring, identity theft protection, recovery services, and a $1,000,000 identity theft insurance policy.
Court filings note that Weirton continues to dispute the allegations but agreed to the settlement to avoid prolonged litigation. The court granted preliminary approval, with a final fairness hearing set for November 3, 2025. Deadlines include October 6, 2025, for objections or exclusions, and November 5, 2025, for claims submissions.
It means the court has reviewed the settlement terms and found them fair enough to notify class members, but the agreement is not final until the fairness hearing.
Settlements allow organizations to resolve litigation efficiently, avoiding the costs and uncertainties of a trial, while still providing compensation to affected individuals.
Credit monitoring alerts individuals to suspicious activity on their credit reports, helping them detect potential identity theft early.
It provides financial coverage for certain costs associated with identity theft, such as lost wages, legal fees, or expenses for restoring credit.
At the hearing, the court evaluates whether the settlement is adequate, reasonable, and in the best interest of class members before granting final approval.