Getty Images

CO Urology Practice Resolves Healthcare Data Breach Lawsuit With Settlement

The Urology Center of Colorado resolved a healthcare data breach lawsuit after a 2021 breach that impacted more than 137,000 individuals.

The Urology Center of Colorado (TUCC) reached a proposed settlement to resolve a class-action healthcare data breach lawsuit filed in the aftermath of a September 2021 breach that impacted 137,820 individuals.

TUCC notified impacted individuals of the breach in November 2021 after discovering in September that certain parts of its network may have been accessed by an unauthorized party. The information involved in the incident included names, birth dates, Social Security numbers, phone numbers, addresses, email addresses, and medical information.

In response to the incident, TUCC said that it had changed account passwords and implemented enhanced security measures.

The initial complaint stated that the urology center had “obligations created by HIPAA, contract, industry standards, common law, and representations made to Plaintiffs and the Class Members to keep their Private Information secure and confidential and to protect it from unauthorized access and disclosure.”

By allegedly failing to honor those obligations, TUCC “put all Class Members at risk of identity theft, financial fraud, and other serious harms,” the complaint stated. The plaintiffs argued that the “Defendant’s actions represent a flagrant disregard of Plaintiffs’ and the other Class Members’ rights.”

Specifically, the plaintiffs alleged that TUCC failed to adequately monitor its networks, failed to maintain reasonable data security safeguards, and failed to implement mitigation and back-up plans in the event of a cyberattack.

The Colorado urology practice denied all wrongdoing and agreed to a settlement. The final approval hearing for the settlement is set for late October.

Class members may be able to receive up to $500 for ordinary out-of-pocket expenses such as unreimbursed bank fees and long-distance phone charges. Additionally, class members may be reimbursed up to $2,500 for extraordinary expenses, such as the exhaustion of all available credit monitoring and identity theft insurance.

Next Steps

Dig Deeper on Cybersecurity strategies