Akumin Agrees to Pay $1.5 Million to Settle Class action Data Breach Lawsuit
Akumin, a Florida-based provider of outpatient radiology and oncology services with locations in more than 20 U.S. states, has agreed to settle a class action lawsuit stemming from an October 2023 cybersecurity incident.
Akumin identified suspicious network activity on October 11, 2023, and confirmed that a threat actor accessed its network on October 11, 2023, and used ransomware to encrypt files. The files potentially accessed and/or copied by the threat actor included patient and employee information such as names, contact information, dates of birth, Social Security numbers, driver’s license numbers, passport numbers, medical record numbers, Medicare/Medicaid numbers, financial account information, health information, occupational health information, medical images, biometric information, billing and claims information, health insurance information, electronic signatures and other sensitive data.
The security incident was announced by Akumin on its website on October 12, 2023, and the data breach was reported to the HHS’ Office for Civil Rights as involving the protected health information of 7,127 individuals. Notification letters were sent to those individuals on December 29, 2023, and around a year later, on December 23, 2024, notification letters were mailed to the further affected individuals.
Several class action lawsuits were filed against Akumin over the data breach, which were consolidated into a single lawsuit – Gina Letizio, et al. v. Akumin Operating Corp. – in the Circuit Court of the 17th Judicial Court in and for Broward County, Florida. The consolidated lawsuit asserted claims of negligence, negligence per se, breach of implied contract, breach of fiduciary duty, breach of confidence, unjust enrichment, and declaratory judgment. Akumin denies any wrongdoing and maintains there is no liability but chose to settle the lawsuit to avoid the litigation costs and expenses, distractions, burden, and disruption to its business operations associated with continuing with the litigation. The plaintiffs believe their claims are valid but agreed to settle the lawsuit for similar reasons.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
Under the terms of the settlement, Akumin has agreed to establish a $1.5 million settlement fund to cover attorneys’ fees and expenses, settlement administration costs, and service awards for each of the named plaintiffs. After those costs have been paid, the remaining funds will be used to pay benefits to the class members. All class members are entitled to submit a claim for a cash payment to reimburse them for documented, unreimbursed losses due to the data breach up to a maximum of $2,500 per class member. In addition to the cash payment, class members may also claim one year of free medical data monitoring services.
The deadline for objection to and exclusion from the settlement is November 30, 2025, and claims must be submitted by the same date. The settlement has received preliminary approval from the court, and the final approval hearing has been scheduled for December 15, 2025. Further information can be found on the settlement website, https://akumindataincidentsettlement.com/
