Marietta Area Health Care Settles Class Action Data Breach Lawsuit for $1.75 Million
Marietta Area Health Care, an Ohio-based not-for-profit health system that does business as Memorial Health System, has proposed a $1.75 million settlement to resolve a class action lawsuit that alleged it failed to protect patient health information, resulting in a cyberattack and data breach.
Malware was detected within its network on August 14, 2021, and the investigation determined hackers had access to its IT systems between July 10, 2021, and Aug. 15, 2021, and it was confirmed in mid-September that patient data had potentially been viewed or acquired in the attack. The review of the affected files was completed on November 1, 2021, when it was confirmed that the HIPAA protected health information of more than 215,000 patients had been exposed, including names, addresses, Social Security numbers, medical/treatment information, and health insurance information. Affected patients were notified in January 2022 and were offered complimentary credit monitoring services.
A lawsuit – Tucker v. Marietta Area Health Care d/b/a Memorial Health System – was filed in the U.S. District Court for the Southern District of Ohio that alleged the defendants failed to implement reasonable and appropriate security measures to ensure the confidentiality of patient data. Had those measures been implemented, the cyberattack could have been prevented.
Rather than continue to fight the lawsuit and face the expense and uncertainty of trial, Marietta Area Health Care proposed a settlement to resolve all claims related to the cyberattack and data breach with no admission of wrongdoing. Under the terms of the settlement, class members – all individuals who were notified by mail about the cyberattack – may submit claims and receive up to $5,000 as compensation for out-of-pocket expenses incurred as a result of the data breach, including bank fees, credit expenses, reimbursement for up to four hours of lost time at $25 per hour, and any unreimbursed losses to identity theft and fraud. After claims have been covered, all class members are eligible to receive a share of any remaining settlement funds, which are anticipated to be around $50.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
Claims must be submitted by October 15, 2023. The final approval hearing has been scheduled for December 4, 2023.
