Great Expressions Dental Centers Settle Data Breach Lawsuit for $2.7 Million
Great Expressions Dental Centers has agreed to settle a class action lawsuit stemming from a 2023 data breach involving the personal and protected health information of 1,925,397 individuals.
Great Expressions Dental Centers, a Bloomfield Hills, MI-based chain of 246 dental practices in 9 U.S. states, experienced a cyberattack in February 2023 that disrupted its IT systems. The hackers had access to its systems for 6 days between February 17 and February 22, 2024, during which time files containing patient data were exfiltrated from its systems. Those files contained information such as names, birth dates, contact information, Social Security numbers, driver’s license numbers, financial account information, credit/debit card numbers, billing records, health insurance information, prescription information, diagnoses, treatment information, x-ray images, and medical and dental histories. Individual notification letters were mailed to the affected individuals in early May 2023.
Several lawsuits were filed in response to the data breach that were consolidated into a single action in the U.S. District Court for the Eastern District of Michigan – In re Great Expressions Data Security Incident Litigation. The plaintiffs alleged Great Expressions Dental Centers failed to implement reasonable and appropriate cybersecurity measures to protect the sensitive data stored on its network. The lack of safeguards meant hackers were able to access its internal network and steal patient data.
Great Expressions Dental Centers denies any wrongdoing but has agreed to settle the lawsuit to bring the litigation to an end and avoid the uncertainty of trial. Under the terms of the settlement, a fund of $2.7 million will be created to cover claims from the plaintiffs and class members, attorneys’ fees, and legal costs. Individuals who received a notification letter from Great Expressions Dental Centers are entitled to benefits. The nature of those benefits depends on whether individuals had their Social Security numbers (SSNs) exposed in the data breach. The SSN subclass is entitled to receive a cash payment of up to $500 in addition to making a claim for ordinary and extraordinary out-of-pocket losses. The cash payments are capped at $300,000 and will be paid pro rata if that total is reached.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
For the SSN subclass, claims may be submitted for up to $500 for ordinary out-of-pocket losses incurred between February 17, 2023, and the claims deadline. Ordinary expenses may include up to 2 hours of lost time at $20 per hour. Claims may be submitted for extraordinary losses up to $5,000, which include unreimbursed losses fairly traceable to the data breach that are not covered under ordinary expenses. Claims for reimbursement of losses should be supported by documentation. The non-SSN subclass may submit a claim for up to 2 hours of lost time at $20 per hour.
The settlement has received preliminary approval from the court and a final fairness hearing has been scheduled for December 12, 2024. The deadline for exclusion from and objection to the settlement has passed; however, claims may be submitted up to November 8, 2024. Class counsel were Patrick A. Barthle II of the Morgan & Morgan Complex Litigation Group and Joseph M. Lyon of the Lyon Firm.
