Lincare Holdings Proposes $7.25 Million Settlement to Resolve Data Breach Lawsuit
A $7.25 million settlement has been proposed to resolve a class action lawsuit – In re: Lincare Holdings Inc. Data Breach Litigation – filed against Lincare Holdings over a September 2021 data breach that affected 2,918,444 individuals.
Lincare Holdings is a provider of in-home respiratory care and equipment. In September 2021, unauthorized activity was detected within its network and the forensic investigation confirmed an unauthorized third party had gained access to files containing patient data. The exposed HIPAA protected health information included names, addresses, Lincare account numbers, dates of birth, treatment information, provider names, dates of service, diagnosis and procedure information, account or record numbers, health insurance information, and prescription information, and for a small number of affected individuals, Social Security numbers.
Legal action was taken by the affected individuals who alleged that Lincare Holdings was negligent for failing to implement reasonable and appropriate cybersecurity measures, and had those measures been implemented, the data breach could have been avoided. Lincare has not admitted any wrongdoing but has proposed a settlement to end the litigation.
Class members will be permitted to submit claims for up to $5,000 as reimbursement for out-of-pocket losses fairly traceable to the data breach, including up to 4 hours of lost time at $20 per hour. Recoverable losses include bank fees, credit fees, communication costs, unreimbursed fraudulent charges, and losses to identity theft. Individuals who were California residents at the time of the breach can also claim an additional $90.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
All class members are eligible to receive a one-year membership to Medical Shield services, which includes medical record monitoring, health insurance monitoring, dark web monitoring, real-time authentication alerts, high-risk transaction monitoring, Medicare monitoring, provider monitoring HSA monitoring, ICD monitoring, credit freeze assistance, and identity theft remediation services. They will also be covered by a $1 million identity theft insurance policy.
Claims must be submitted by April 15, 2024, and any class member wishing to object to or exclude themselves from the settlement must do so by March 14, 2024. The final hearing has been scheduled for June 12, 2024.
The plaintiff and class members were represented by John A. Yanchunis of Morgan & Morgan; Stephen R. Basser of Barrack Rodos & Bacine; Raina Borrelli of Turke & Strauss LLP; Alexandra M Honeycutt of Milberg Coleman Bryson Phillips Grossman PLLC; and Carl V Malmstrom of Wolf Haldenstein Adler Freeman & Herz LLC
