Mission Community Hospital Pays $1.55M to Settle Data Breach Lawsuit
Deanco Healthcare, LLC, the operator of Mission Community Hospital, an acute care hospital serving patients in the San Fernando Valley in California, has agreed to a settlement to resolve claims stemming from a cyberattack that was discovered by the hospital on May 1, 2023.
According to the forensic investigation, the unauthorized access started the same day, and while the attack was quickly identified and contained, the threat actor exfiltrated files containing patient data such as names, addresses, dates of birth, Social Security numbers, driver’s license numbers, and financial account information. The Ransomhouse ransomware group took responsibility for the attack and claimed to have exfiltrated around 2.5 terabytes of data. The data breach was reported to the HHS’ Office for Civil Rights as affecting 269,547 individuals.
Two class action lawsuits were filed in response to the data breach in the Superior Court of California for the County of Los Angeles, which were consolidated into a single action – Concepcion et al. v. Deanco Healthcare – as they had overlapping claims. The consolidated lawsuit claimed that the defendant was negligent and should have prevented the cyberattack and data breach. The claims were denied by the defendant, which maintains that there was no wrongdoing and that there is no liability. All parties ultimately agreed to a settlement to avoid the costs of continued litigation and the uncertainty of a trial.
Mission Community Hospital in California has agreed to pay $1.546,409.42 to settle the lawsuit. Class members – individuals who were notified by Mission Community Hospital, Deanco Healthcare, or a Deanco affiliate that they had been affected by the incident – may claim one or more benefits, which will be paid after attorneys’ fees and expenses ($541,243.30 + up to $50,000), settlement administration costs (up to $235,400), and service awards for the class representatives ($2,000 each; $4,000 total) have been paid. Should claims exceed the residual funds, they will be paid pro rata.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
Class members are entitled to claim a two-year membership to a medical data monitoring service, and California residents at the time of the data breach may claim a $100 statutory payment. In addition, a claim may be submitted for reimbursement of documented, unreimbursed losses due to the data breach up to a maximum of $5,000 per class member. A claim may also be submitted for a cash payment, which will be paid pro rata from the residual funds after the above benefits have been paid. The deadline for objection and opting out is July 13, 2026. The deadline for filing a claim is August 12, 2026, and the final approval hearing has been scheduled for September 9, 2026.
