Getty Images

Advent Health Partners Agrees to $500K Healthcare Data Breach Settlement

Advent Health Partners reached a settlement of $500,000 to address allegations over a 2021 healthcare data breach that exposed the protected health information of thousands.

Advent Health Partners has agreed to pay a $500,000 settlement to resolve a class-action lawsuit stemming from a 2021 healthcare data breach that affected more than 60,000 patients.

Advent Health Partners is a healthcare claims review vendor. In September 2021, it discovered suspicious activity within its email environment.

Further investigation revealed that an unauthorized party accessed employee email accounts containing patient information, including names, Social Security numbers, driver’s license information, dates of birth, health insurance information, medical treatment information, and financial account information.

The plaintiff alleged that Advent Health Partners failed to promptly notify impacted patients about the data breach, taking almost five months to do so, and provided no explanation for the significant delay between the initial discovery of the breach and the eventual notification.

The notification delay allegedly violated the HIPAA breach notification rule requiring organizations to notify patients of healthcare data breaches within 60 days

The subsequent lawsuit claimed the delay “resulted in Plaintiff and Class members suffering harm they otherwise could have avoided had a timely disclosure been made.”

Besides the lack of timeliness of the notification, the plaintiff had additional concerns about the notice's lack of detail.

According to the class action complaint, “AHP’s notice of the Data Breach was not just untimely but woefully deficient, failing to provide basic details, including but not limited to, how unauthorized parties accessed its networks, whether the information was encrypted or otherwise protected, how it learned of the Data Breach, whether the breach occurred system-wide, whether servers storing information were accessed, and how many customers were affected by the Data Breach.”

The lawsuit also alleged that the data breach occurred due to Advent Health Partners’ inadequate data security measures, violating several HIPPA and FTC guidelines.

“Defendant disregarded the rights of Plaintiff and Class members by intentionally, willfully, recklessly, or negligently failing to take and implement adequate and reasonable measures to ensure that Plaintiff’s and Class members’ PII was safeguarded, failing to take available steps to prevent an unauthorized disclosure of data,” the lawsuit stated.

While Advent Health Partners hasn’t admitted to any wrongdoing, it has agreed to resolve the class action lawsuit via a $500,000 settlement. Class members are eligible for up to $750 in reimbursement for expenses such as out-of-pocket losses, purchased theft insurance products, and lost time dealing with the breach at a rate of $18 per hour.

Additionally, class members are eligible to receive three years of credit monitoring. Advent Health Partners has also agreed to implement data security enhancements to increase the protection of private information stored on its computer systems.

Following a healthcare data breach, lawsuits have become increasingly frequent and often lead to large settlements. Since the start of 2023, UMass Memorial Health Center, GoodRx, Katherine Shaw Bethea (KSB) Hospital, Logan Health, and several others have been hit with large settlements as a result of a healthcare data breach.

Next Steps

Dig Deeper on HIPAA compliance and regulation