$3.4M Settlement Resolves Claims Against Nationwide Vision/Sightcare Over 2021 Data Breach
A $3.45 million settlement has been settlement has been proposed to resolve a consolidated class action lawsuit over a 2021 data breach at a U.S. Vision subsidiary that affected more than 710,000 individuals, including 637,999 Sightcare members and 73,073 Nationwide Optometry patients.
U.S. Vision is a HIPAA business associate that provides administrative services to Nationwide Optometry, Nationwide Vision Center, and Sightcare (Nationwide-Sightcare). On May 12, 2021, suspicious activity was detected within the network of U.S. Vision subsidiary, USV Optical.
The investigation confirmed that hackers had access to its email systems and computer network for a month between April 20, 2021, and May 17, 2021, and potentially obtained full names, dates of birth, addresses, Social Security numbers, taxpayer identification numbers, driver’s license numbers, financial account information, medical and/or treatment information, prescription medications, health insurance information, and billing and claims information.
Three class action lawsuits were consolidated into a single lawsuit – In re: U.S. Vision Data Breach Litigation – which was heard in the U.S. District Court for the District of New Jersey. The lawsuits alleged a failure to adequately safeguard sensitive information and provide timely and accurate notices to the affected individuals. The breach was detected in September 2021; however individual notifications were not mailed to the affected individuals until October 2022.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
The plaintiffs claimed to have suffered injuries as a result of the data breach including out-of-pocket expenses, loss of the benefit of their bargains, emotional distress, and they had to spend time remedying the data breach and protecting themselves against the misuse of their sensitive data. The lawsuits asserted claims of negligence, negligence per se, breach of fiduciary duty, breach of implied contract, and unjust enrichment, and alleged violations of the Arizona Consumer Fraud Act and the Oklahoma Consumer Protection Act.
The proposed settlement resolves all claims against Nationwide-Sightcare. The settlement does not include U.S. Vision, Inc. and USV Optical, Inc. and resolves no claims against those companies. Nationwide-Sightcare maintains there was no wrongdoing and denies all claims made in the lawsuit; however, the decision was taken to bring the legal action to an end to avoid further legal costs and the uncertainty of trial.
Under the terms of the settlement, class members will receive several benefits. All class members who submit a claim will be entitled to 24 months of complimentary 3-bureau credit and identity theft monitoring services plus cash payments for both documented and undocumented expenses incurred as a result of the data breach. Alternatively, they can choose to receive a cash payment which will be paid pro rata after legal costs, attorneys’ fees, and claims have been paid. The cash payment is expected to be around $50 per claimant.
Class members who choose to submit a claim for losses due to the data breach can claim up to $5,400, which may include claims of up to $300 for documented ordinary expenses, including costs and expenses addressing identity theft and fraud and preventative measures such as purchasing credit monitoring services. Up to $5,000 can be claimed as reimbursement for documented extraordinary expenses, such as losses to identity theft and fraud, and up to $100 can be claimed for undocumented lost time at $25 per hour.
The deadline for objection to and exclusion from the settlement is August 23, 2024, claims must be submitted by September 23, 2024, and the final approval hearing is scheduled for October 15, 2024.
