Dental Care Alliance Settles Class Action Data Breach Lawsuit for $3 Million

Dental Care Alliance has agreed to settle a class action lawsuit filed in response to a data breach that affected more than 1.7 million individuals. A fund of $3 million has been created to cover claims from individuals affected by the breach.

Dental Care Alliance, LLC, is a Sarasota, FL-based dental support organization with more than 320 affiliated dental practices across 20 states. Dental Care Alliance said its systems were compromised on September 18, 2020, the breach was detected on October 11, 2020, and was contained on October 13, 2020. The forensic investigation confirmed that names, addresses, diagnoses, treatment information, patient account numbers, billing information, dentists’ names, payment card information, and health insurance information had potentially been compromised. Individuals were notified about the breach in December 2020.

The breach report submitted to the HHS’ Office for Civil Rights initially indicated 1,004,304 individuals had been affected, but it was later amended to 1,723,375 individuals. Dental Care Alliance said no specific evidence of data theft was found and it was unaware of any misuse of patient data. Despite highly sensitive information being involved, credit monitoring services were not offered.

A lawsuit – Paras v. Dental Care Alliance, LLC, Case No. 22-ev-000181 – was filed in the State Court of Fulton County, Georgia, on behalf of individuals affected by the data breach. Dental Care Alliance was alleged to have failed to adequately secure patient information and the plaintiffs claimed that had reasonable cybersecurity measures been implemented, the data breach would have been prevented. The plaintiffs alleged that they face an increased risk of identity theft and fraud due to the negligence of Dental Care Alliance and that their sensitive personal and protected health information is now in the hands of data thieves.

Please see the HIPAA Journal Privacy Policy

Dental Care Alliance has proposed a settlement to resolve claims related to the data breach but has not admitted any wrongdoing. Under the terms of the settlement, a fund of $3 million will be created to cover claims from affected individuals, and 2 years of identity theft protection services are being offered to all affected individuals. Those services include dark web monitoring and coverage by a $1 million identity theft insurance policy.

All class members are entitled to submit claims of up to $2,000 for documented losses due to the data breach, and up to two hours of lost time at $20 per hour. Individuals part of a settlement subclass can submit additional claims for up to $3,000 for documented losses and an additional two hours of lost time. The cap for claims is $3,000,000, so claims will be paid pro rata if that figure is exceeded. The attorneys for the plaintiffs will ask the court to award fees of $850,000 and payments of $1,500 for the class representatives. Under the terms of the settlement, Dental Care Alliance has committed to implementing additional data security measures.

The final approval hearing for the settlement is scheduled for Sept. 1, 2022. The deadline for opting out of the settlement – July 26, 2022 – has now passed. Claims must be submitted no later than August 25, 2022.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.