$14 Million Settlement Approved to Resolve Independent Living Systems Data Breach Litigation
A $14 million settlement has received preliminary approval to end class action data breach litigation against Independent Living Systems (ILS), which experienced a data breach in 2022 that was reported to the HHS’ Office for Civil Rights as affecting 4,226,508 individuals.
ILS is a Florida-based provider of long-term support services to vulnerable populations in the Medicare, Medicaid, and dual-eligible markets. On or around July 5, 2022, ILS learned that a malicious third party had accessed its network and acquired files containing sensitive data. The stolen information included names, Social Security numbers, taxpayer identification numbers, medical or health insurance information, and other sensitive information. The affected individuals were notified about the data breach on March 14, 2023.
Several lawsuits were filed against ILS over the data breach, the first of which was filed on March 17, 2023. The lawsuits name the following individuals as plaintiffs: David Asato, Katrina Berres, Ge Xiao Fang, Melinda Geleng, Mathew George, Maria Gomez, Dimitri Gutierrez, Chelsea Jensen, Rhianna McMullen, David Perez, Mark Salzano, Ernest Scoggan, and Ryan Smith
On July 31, 2023, the lawsuits were consolidated in the United States District Court for the Southern District of Florida into a single action – In re Independent Living Systems Data Breach Litigation – as they all made similar claims and were based on the same facts. The plaintiffs alleged negligence for failing to implement reasonable and appropriate cybersecurity measures to safeguard their protected health information, negligence per se, unjust enrichment, and a violation of the Florida Deceptive and Unfair Trade Practices Act.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
The lawsuit survived a motion to dismiss and, following two attempts at mediation, an agreement in principle was reached on December 18, 2024, to settle the litigation. In the following months, the details of the agreement were finalized, and the settlement has now received preliminary approval from a federal judge. Under the terms of the settlement, ILS will establish a $14 million settlement fund to cover attorneys’ fees, legal costs and expenses, class representative awards, and settlement administration costs. After those costs and expenses have been deducted, the remainder of the settlement fund will cover claims from class members – individuals who received a notification letter about the data breach. According to the lawsuit, approximately 3.9 million individuals are eligible to submit claims.
Claims may be submitted for up to $5,000 to cover documented, unreimbursed losses due to the data breach, and for cash payments. Class members may choose one of two cash payments, one for non-California residents and one for non-California residents. Class members who lived in California at the time of the data breach qualify for two pro rata shares of the remaining settlement fund. Any remaining funds after all costs and expenses, claims, and cash payments have been deducted will be distributed cy pres to the Alzheimer’s Association. In addition to the settlement, ILS has represented that it has made improvements to its business practices and data security measures that have cost in excess of $2 million
