25% off all training courses Offer ends May 29, 2026
View HIPAA Courses
Learner Login Learner Support
Learner Login Learner Support
25% off all training courses
View HIPAA Courses
Offer ends May 29, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Hapy Bear Surgery Center Agrees to Settle Data Breach Lawsuit

Posted By on Jan 16, 2025

A class action lawsuit filed against Hapy Bear Surgery Center over a December 2023 ransomware attack has been settled for an undisclosed sum. The Tulare, California pediatric dental clinic identified the cyberattack on or around December 27, 2024, and confirmed on March 19, 2024, that names, addresses, medical information, health insurance information, Social Security numbers, and driver’s license numbers had potentially been accessed or stolen. Notification letters were issued in April 2024.

A class action lawsuit – In re: Hapy Bear Surgery Center Data Security Incident Litigation – was filed in California Superior Court for Tulare County over the data breach. The plaintiffs alleged that the dental clinic was negligent by failing to implement appropriate safeguards to ensure the confidentiality of patient data. The lawsuit also asserted claims of breach of implied contract, unjust enrichment, unfair business practices, and a violation of the California Confidentiality of Medical Information Act.

Hapy Bear Surgery Center denies all claims and maintains that it did nothing wrong; however, chose to settle the lawsuit to bring the litigation to an end to prevent further legal costs and avoid the uncertainty of trial. Under the terms of the settlement, class members may submit claims for up to $500 to cover documented ordinary out-of-pocket losses due to the data breach, including credit monitoring costs, credit charges, and up to 4 hours of lost time at $25 per hour. Claims may also be submitted for documented, unreimbursed extraordinary losses such as losses due to identity theft and fraud up to a maximum of $7,500 per class member. Class members who were California residents at the time of the breach can also claim a cash payment of $50.

The settlement also includes two years of three-bureau credit and dark web monitoring services and a $1 million identity theft insurance policy. Hapy Bear has committed to implementing additional data security measures. The settlement has received preliminary approval from the court and claims must be submitted by February 4, 2025. The final approval hearing is scheduled for February 24, 2025.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist