Mulkay Cardiology Consultants Agrees Settlement to Resolve Ransomware-related Lawsuit
In Early November 2023, Mulkay Cardiology Consultants in New Jersey announced it had fallen victim to a ransomware attack that involved unauthorized access to the protected health information of up to 79,582 individuals. Legal action was taken by victims of the breach and a settlement has been agreed to bring the litigation to an end.
The forensic investigation determined a threat actor had access to its network from September 1 through September 5, 2023, and exfiltrated files containing patient data. The stolen data included names, addresses, dates of birth, Social Security numbers, driver’s license numbers or state IDs, medical treatment information, and health insurance information. The NoEscape ransomware group claimed responsibility for the attack and started leaking the stolen data on its dark web data breach site, although the listing was later removed.
Multiple class action lawsuits were proposed in response to the breach which were consolidated into a single lawsuit – Wilkins, et al. v. Mulkay Cardiology Consultants at Holy Name Medical Center PC, et al – which was filed in the New Jersey Superior Court of Bergen County on February 16, 2024. The lawsuit asserted several claims, including negligence for failing to implement reasonable and appropriate safeguards to protect sensitive personal and protected health information stored on its network. Mulkay Cardiology Consultants denies each and all claims and contentions in the action; however, the decision was taken to settle the lawsuit with no admission of wrongdoing or liability to avoid the costs and risks associated with continuing with the litigation.
Under the terms of the settlement, class members may submit claims for reimbursement of ordinary expenses incurred as a result of the data breach up to a maximum of $500 per class member, which includes documented communication charges, credit-related expenses, unreimbursed bank fees, and up to 3 hours of lost time at $25 per hour. Claims may also be submitted for extraordinary losses due to identity theft and fraud up to a maximum of $5,000 per class member. Class members may choose a cash payment of $48 instead of submitting a claim and all class members are eligible to receive two years of complimentary credit monitoring services. The settlement has received preliminary approval, and claims must be received by February 22, 2024. The final fairness hearing has been scheduled for April 11, 2025.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
