San Diego Family Care, a medical, dental, & mental health services provider in California, has opted to settle a class-action lawsuit filed by patients affected by a 2020 data breach.
The data breach that prompted the lawsuit was announced by the healthcare services provider in May 2021. The breach report submitted to the HHS’ Office for Civil Rights (OCR) stated that 125,500 patients were impacted, though the total was afterward adjusted to 154,513 patients. The breached data included names, dates of birth, government ID numbers, Social Security numbers, medical diagnosis or treatment details, health insurance data, financial account numbers, and client identification numbers.
The security breach involving the use of ransomware took place in December 2020 at Netgain Technologies. Technology vendor and business associate Netgain Technologies reportedly gave a $2.3 million ransom payment to get the data decryption keys and prevent any further disclosures of information. San Diego Family Care was one of several healthcare organizations that suffered data breaches because of the attack.
Right after notifying the affected people, there were two class-action lawsuits filed against San Diego Family Care in relation to the data privacy breach. Although the ransomware attack was not targeted at San Diego Family Care, complainants in the lawsuits stated that San Diego Family Care had failed to secure patient information, had not applied enough data security procedures, and didn’t give notification letters immediately. Netgain Technologies informed San Diego Family Care regarding the data breach last January 2021, however, the notice letters weren’t sent to impacted persons until May.
San Diego Family Care has not acknowledged any wrongdoing and did not agree to any liability for the data breach; however, did concur to resolve the lawsuit. The suggested settlement will have a funding of $1,000,000 to take care of claims from affected individuals. Claims could be submitted for a base settlement of around $100 per person, up to $1,000 for ordinary out-of-pocket costs, and approximately $5,000 for remarkable out-of-pocket costs.
Proof of losses and expenses ought to be sent with claims, including the evidence of fraudulent charges, payments for credit monitoring services, and other expenses. Individuals will additionally be provided complimentary identity theft protection services. The codes for activating those services will be mailed to individuals who submit a claim. Legitimate claims should be submitted by July 15, 2022, and the final approval for the settlement is slated for July 29, 2022.