25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Calibrated Healthcare Settles Class Action Data Breach Lawsuit

Calibrated Healthcare Systems, LLC, and Calibrated Healthcare, LLC, have agreed to settle a class action lawsuit stemming from a February 2024 security incident that exposed patient information.

Calibrated Healthcare identified a security incident on February 26, 2024, and its investigation determined that there had been unauthorized access to its network between February 25, 2024, and February 26, 2024. While data theft was not confirmed, Calibrated Healthcare said data theft was likely. Data compromised in the incident included names, dates of birth, medical diagnosis/treatment information, and health insurance information.

The data breach was reported to the HHS’ Office for Civil Rights (OCR) as involving the protected health information of 6,890 individuals, and the affected individuals were notified on or around August 2, 2024. Two putative class action lawsuits were filed in response to the data breach: Adams v. Calibrated Healthcare Systems, LLC, et al and Holden v. Calibrated Healthcare, LLC, which were consolidated in the District Court for the Central District of California, Southern Division – Adams, et al. v. Calibrated Healthcare Systems, LLC, et al.

The consolidated lawsuit alleged that the data breach was due to the defendants’ negligence and should have been prevented. The lawsuit asserted claims for negligence, invasion of privacy, breach of contract, breach of implied contract, unjust enrichment, and violations of the California Unfair Competition Law Bus. & Prof. Code for unlawful, fraudulent, and unfair business practices, violation of the California Consumers Legal Remedies Act, and violation of the California Consumers Legal Remedies Act.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

The defendants deny all claims and contentions in the lawsuit, including claims of fault, wrongdoing, and liability. The parties attended mediation, and while a settlement was not agreed during mediation, settlement negotiations continued, and a settlement acceptable to all parties has now been agreed. The settlement has received preliminary approval from the court.

While the OCR breach portal still lists the incident as involving the protected health information (PHI) of 6,890 individuals, there are 34,562 individuals in the settlement class. The settlement provides all class members with two years of medical monitoring and identity theft insurance services, and a monetary payment of between $21.44 and $28.68, depending on the number of valid claims received for reimbursement of out-of-pocket costs and lost time.

Class members may claim up to seven hours of documented lost time due to the data breach at $25 per hour (Maximum $175 per class member). A claim may also be submitted for reimbursement of documented losses fairly traceable to the data breach up to a maximum of $5,000 per class member. Claims must be submitted by July 9, 2026, and the final fairness hearing has been scheduled for August 13, 2026.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist