25% off all training courses Offer ends May 29, 2026
View HIPAA Courses
Learner Login Learner Support
Learner Login Learner Support
25% off all training courses
View HIPAA Courses
Offer ends May 29, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Dameron Hospital Settles Class Action Data Breach Lawsuit For $650,000

Posted By on Apr 23, 2025

Dameron Hospital in California has agreed to pay $650,000 to settle litigation arising from a cyberattack and data breach that occurred on or around December 2023. Dameron Hospital, a 200+ bed hospital in Stockton, California, announced in December 2023 that it was investigating a cyberattack that had disrupted critical systems. A lawsuit, Carmona v. Dameron Hospital Association d/b/a Dameron Hospital, was filed on January 15, 2024, in response to the incident before any notification letters were issued.

The lawsuit claims the information compromised in the incident included names, addresses, email addresses, phone numbers, dates of birth, Social Security numbers, payment/account information, health insurance information, and medical information. As of April 23, 2025, no breach report is listed on the HHS’ Office for Civil Rights breach portal under the name Dameron Hospital or Dameron Hospital Association. The lawsuit claims the defendant failed to implement and maintain reasonable network safeguards, did not comply with industry-standard cybersecurity practices, did not encrypt sensitive data, or provide adequate training to staff members, and when the breach occurred, it was not detected in a timely manner.

The lawsuit asserted claims of negligence and negligence per se, breach of implied contract, breach of fiduciary duty, unjust enrichment, and violations of the California Customer Records Act, California Consumer Privacy Act, California Consumer Legal Remedies Act, California Confidentiality of Medical Information Act, and California Unfair Competition Law. Dameron Hospital denied and continues to deny all claims and maintains there was no wrongdoing; however, a settlement was negotiated to avoid further legal costs and the uncertainty and risks associated with continuing the litigation.

Under the terms of the settlement, class members may submit a claim for reimbursement of up to $5,000 for unreimbursed economic losses caused by the data breach, and free 3-bureau credit monitoring services for 12 months. Alternatively, class members may choose to receive a cash payment of $50 for non-California residents and $100 for California residents. The final fairness hearing has been scheduled for May 29, 2025.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist