A Seattle cancer center has agreed to pay $11.5 million to settle a proposed class action lawsuit involving a 2023 double-extortion ransomware attack that affected 2.1 million people, with some patients directly threatened by hackers with swatting attacks if they didn’t pay a ransom.
In addition to the $11.5 million financial settlement, the agreement requires Fred Hutchinson Cancer Center, which is affiliated with the University of Washington and a named co-defendant in the lawsuit – “to spend over $13.5 million in business practice enhancements to improve its data security systems and protect the private Information it continues to collect, utilize and possess.”
The settlement requires UW Medicine “to engage, jointly with Fred Hutch, a third-party auditor to assess the policies, procedures and security controls for patient data it shares with Fred Hutch under affiliation, clinical care and research agreements and protocols.”…