Health Aid of Ohio Settles Class Action Data Breach Lawsuit

Health Aid of Ohio has agreed to settle a class action lawsuit to resolve claims that it failed to protect the sensitive personal information of its customers.

Health Aid of Ohio is a Parma, OH-based full-service home medical equipment provider. On February 19, 2021, Health Aid discovered hackers had gained access to its network and viewed and removed files containing sensitive customer information. The files contained information such as name, telephone number, Social Security number, date of birth, medical diagnosis, insurance information, and the type of equipment that was delivered or repaired. Notifications were issued to affected customers in May 2021. The data breach affected 141,149 individuals.

A lawsuit was filed on behalf of affected individuals, which alleged Health Aid had failed to implement reasonable cybersecurity measures to ensure the confidentiality of customer data. The lawsuit alleged negligence, unjust enrichment, invasion of privacy, and other claims.

Health Aid admitted no wrongdoing but decided to settle the lawsuit to resolve all claims related to the data breach. Under the terms of the settlement, any individual affected who had their Social Security number exposed is entitled to a cash payment of up to $250 and can submit a claim for out-of-pocket expenses, including credit monitoring costs, and up to four hours of lost time at $15 per hour. Documentation must be submitted to support any claim. Any individual who can provide documentation that proves they were a victim of fraud can submit a claim of up to $2,500. Claims must be submitted by August 22, 2022, and the deadline for exclusion or objection is July 22, 2022.

Please see the HIPAA Journal Privacy Policy

Regardless of the types of information exposed in the data breach, all class members are entitled to a 12-month complimentary membership to credit monitoring and identity theft restoration service. Health Aid has also agreed to implement a range of additional safeguards to better protect customer information in the future and will undergo annual security risk assessments in 2022 and 2023 to determine whether further security enhancements can be made.

The final approval hearing for the settlement has been scheduled for Sept. 20, 2022.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.