Getty Images/iStockphoto

San Juan Regional Medical Center Reaches Settlement Following Healthcare Data Breach

The class-action lawsuit stemmed from a 2020 healthcare data breach that impacted nearly 69,000 individuals.

San Juan Regional Medical Center (SJRMC) reached a proposed settlement following a 2020 healthcare data breach that impacted nearly 69,000 individuals.

According to the original breach notice, issued in September 2021, SJRMC discovered unauthorized access to its network in September 2020. SJRMC later determine that an unauthorized party had removed files from its network containing patient information.

The files contained patient names, Social Security numbers, driver’s license numbers, financial account numbers, birth dates, passport information, health insurance information, and medical information.

Following the incident, patients filed a lawsuit alleging that SJRMC failed to adequately safeguard patient and employee information as required by HIPAA. SJRMC denied any wrongdoing and agreed to resolve the lawsuit outside of court.

If the proposed settlement is approved, class members will receive two years of identity theft protection and credit monitoring services. Settlement subclass members, defined as people who were notified that the cyberattack had involved their Social Security, driver’s license, passport, or financial account numbers, are eligible for up to $2,500 in compensation for unreimbursed losses.

Additionally, subclass members are eligible for identity theft protection and credit monitoring services and up to three hours of lost time at a rate of $17.50 per hour.

“Plaintiffs and their counsel believe that, in consideration of all the circumstances, and after prolonged and serious arm’s-length settlement negotiations with Defendant, the proposed settlement embodied in the Settlement Agreement is fair, reasonable, and adequate, and is in the best interests of all members of the Settlement Class and Settlement Subclass,” the settlement agreement stated.

Next Steps

Dig Deeper on Cybersecurity strategies