Getty Images/iStockphoto
UMass Memorial Health Center Resolves Healthcare Data Breach Lawsuit With $1.2M Settlement
The proposed settlement will resolve allegations relating to a 2020 healthcare data breach at UMass Memorial Health Center that impacted patient PHI.
If approved by the Worcester County Superior Court, UMass Memorial Health Center will pay $1.2 million to settle a healthcare data breach lawsuit. The lawsuit stemmed from a breach that took place between June 24, 2020 and January 7, 2021.
According to an October 2021 breach notice, UMass Memorial Health’s network was hacked, resulting in the potential exposure of patient protected health information (PHI). The breach impacted nearly 3,000 individuals.
The information involved in the breach may have included medical record numbers, dates of service, provider names, diagnoses, procedure information, driver’s license numbers, financial account information, and Social Security numbers.
A subsequent lawsuit alleged that UMass Memorial was responsible for the breach due to negligence. UMass Memorial denied any wrongdoing but agreed to the settlement.
“The Court did not decide in favor of the Plaintiffs or Defendant. Instead, the Plaintiffs negotiated a settlement with Defendant that allows both the Plaintiffs and Defendant to avoid the risks and costs of lengthy and uncertain litigation and the uncertainty of a trial and appeals,” the settlement notice explained.
“It also allows Settlement Class Members to obtain payment and credit monitoring services without further delay. The Class Representatives and their attorneys think the Settlement is best for all Settlement Class Members. This Settlement does not mean that Defendant did anything wrong.”
If approved, impacted individuals will be eligible to claim up to $150 for ordinary expense reimbursements, such as bank fees, long distance phone charges, and postage, as well as up to three hours of lost time at a rate of $25 per hour.
Impacted individuals may also claim up to $5,000 in extraordinary reimbursements, such as actual monetary losses that resulted from the data breach.
Healthcare organizations are increasingly entering into settlements to resolve healthcare data breach lawsuits rather than enduring lengthier legal proceedings. Thoroughly documenting security and privacy practices, focusing on incident preparedness and response, and paying special attention to relevant state and federal breach notification laws are key strategies to managing the legal risks of a breach.