25% off all training courses Offer ends May 29, 2026
View HIPAA Courses
Learner Login Learner Support
Learner Login Learner Support
25% off all training courses
View HIPAA Courses
Offer ends May 29, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Kaye-Smith Settles Class Action Data Breach Lawsuit for $2 Million

Posted By on Dec 11, 2024

The marketing company and mailing vendor, Kaye-Smith Enterprises, has agreed to settle a class action lawsuit filed in response to a 2022 cyberattack and data breach. Hackers gained access to its systems, used ransomware to encrypt files, and potentially exfiltrated sensitive data.

Several healthcare providers were affected by the incident, including MultiCare Health System, St. Luke’s Health System, UW Medicine, Delta Dental of Washington, Geisinger Health System and Seattle Children’s Hospital.

Several class action lawsuits were filed in response to the breach, which were consolidated into a single action – Smith, et al. v. Kaye-Smith Enterprises Inc.- in the U.S. District Court of Oregon. The plaintiffs asserted a variety of claims related to the failure to protect sensitive data. Kaye-Smith maintains there was no wrongdoing; however, the decision was taken to settle the lawsuit to avoid further legal costs and the uncertainty of trial.

The $2 million settlement includes benefits for consumers whose personal and protected health information was compromised in the attack and compensation for businesses that suffered losses due to the data breach.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

Individuals who had their sensitive information compromised may submit claims for up to $2,500 to recover document losses, including time and money spent mitigating data breach (up to 5 hours at $25 per hour), the cost of credit monitoring services, and losses to identity theft and fraud. Alternatively, individuals may choose to receive a cash payment of $500. Regardless of the option chosen, class members will also benefit from 12 months of complimentary credit monitoring services.

Businesses may also submit claims for losses due to the data breach and while there is no limit on the amount that may be claimed, they will be paid after legal expenses, attorneys’ fees, class representative awards, and consumer claims have been paid, with the amount paid depending on the remainder of the settlement fund. Kaye-Smith has also agreed to update its business and cybersecurity practices to better protect the data it stores. The deadline for objecting to the settlement is December 26, 2024, and the final approval hearing is scheduled for January 7, 2025.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist