CorrectCare Integrated Health Data Breach Lawsuit Settled for $6.49 Million
A class action lawsuit against CorrectCare Integrated Health LLC (CorrectCare) over a 2022 data breach that affected around 600,000 individuals has been settled for $6.49 million. The settlement has recently been granted final approval by the court.
CorrectCare is a Kentucky-based third-party administrator that facilitates access to medical providers and manages the payment of medical claims for inmates at correctional facilities. In July 2022, CorrectCare identified a misconfiguration on its web server that allowed two file directories to be accessed over the Internet without authentication. The misconfiguration meant sensitive data was exposed over the Internet from January 22, 2022, to July 7, 2022, which included the data of individuals who received treatment between January 1, 2012, and July 7, 2022. The exposed data included names, dates of birth, inmate numbers, and limited health information, including diagnosis codes, CPT codes, treatment providers, dates of treatment, and for some individuals, Social Security numbers.
A class action lawsuit was filed by the law firm Shub & Johns in December 2022 in the U.S. District Court for the Eastern District of Kentucky. An amended complaint was filed on March 23, 2024, including S&J partner Benjamin F. Johns as co-lead counsel. The lawsuit survived CorrectCare’s motion to dismiss and a tentative settlement was reached between the plaintiffs and CorrectCare which received preliminary approval in April 2024 and required claims to be submitted by August 27, 2024. On September 17, 2024, Chief Judge Danny C. Reeves issued an order granting final approval to the $6.9 million settlement.
More than 100,000 claims were filed, which equates to around 17% of the class. Some individuals learned about the settlement too late to file a claim, but class counsel granted those individuals an extension to file a claim. According to class counsel, many of the individuals represented in the lawsuit would have been unlikely to have taken legal action individually and, were it not for the efforts of the class counsel, would not have been compensated for the data breach. One-third of the settlement amount will cover legal fees, $12,313 will cover litigation expenses, and the 5 named plaintiffs will receive service awards of $2,500.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
