Essen Medical Associates Agree to $4 Million Settlement to Resolve Class Action Data Breach Lawsuit
Essen Medical Associates has agreed to pay $4,000,000 to resolve class action litigation over a March 2023 cyberattack and data breach that affected 904,672 current and former patients. Essen Medical, a New York-based healthcare provider, experienced a cyberattack that saw hackers access its network between March 14, 2023, and March 22, 2023.
Data exposed in the incident included personally identifiable information and protected health information such as names, driver’s license numbers/state identification numbers, U.S. alien registration numbers, non-U.S. identification numbers, passport numbers, financial account information, dates of birth, Social Security numbers, medical treatment information, and health insurance information.
The data breach sparked several class action lawsuits, which were consolidated – Rivera, et al. v. Essen Medical Associates, P.C – in the Supreme Court of the State of New York, County of Bronx. The consolidated lawsuit alleged that the cyberattack was preventable and was the result of the defendant’s failure to implement adequate and appropriate cybersecurity procedures and protocols. The lawsuit claimed that the defendants recklessly maintained data on systems vulnerable to cyberattacks.
The lawsuit asserted claims for negligence, breach of implied contract, breach of fiduciary duty, unjust enrichment, and violation of the New York Deceptive Trade Practices Act. Essen Medical denies all charges of wrongdoing or liability, and all claims or contentions alleged against it. All parties agreed that a settlement was the best outcome, and class counsel and the six class representatives believe that the settlement is fair. The settlement has recently received preliminary approval from the court and awaits final approval.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
Under the terms of the settlement, Essen Medical will establish a $4,000,000 settlement fund to cover attorneys’ fees and expenses, service awards for the class representatives, and all costs related to the settlement. The attorneys’ fees will be no more than 33.33% of the settlement fund, and the service awards will be no more than $3,000 per class representative. The remainder of the fund will be used to pay for class member benefits.
Class members may submit a claim for documented, unreimbursed losses due to the data breach up to a maximum of $5,000 per class member. In addition, a claim may be submitted for a cash payment of up to $100 per class member. The deadline for objecting to the settlement and exclusion is May 4, 2026. Claims must be submitted by June 1, 2026, and the final fairness hearing has been scheduled for July 7, 2026.
