Mystic Valley Elder Services Agrees to Settle Class Action Data Breach Lawsuit for $520,000
The Malden, Massachusetts-based Mystic Valley Elder Services has agreed to pay $520,000 to settle a consolidated class action lawsuit stemming from an April 5, 2024, data breach. Unauthorized individuals gained access to the network of Mystic Valley Elder Services and potentially obtained the names, dates of birth, passport numbers, financial account numbers, payment card numbers, online credentials, taxpayer identification numbers, Social Security numbers, driver’s license numbers, health insurance information, and medical information of more than 89,600 individuals.
Five class action complaints were filed in response to the data breach, which were consolidated in the Middlesex County Superior Court in Massachusetts. The consolidated class action lawsuit – In re Mystic Valley Elder Services Inc. – alleged that the data breach occurred as a result of cybersecurity failures, Mystic Valley Elder Services failed to detect the unauthorized activity in a timely manner, and did not send timely notifications to the affected individuals, who did not learn about the data breach until 6 months later.
The lawsuit asserted claims of negligence, breach of implied contract, breach of fiduciary duty, unjust enrichment, and violations of the Massachusetts Consumer Protection Act. The lawsuit sought injunctive relief, including an order from the court prohibiting the transmission of sensitive data via unencrypted email, storing protected health information in email accounts, and requiring a host of security measures to be implemented to ensure the privacy and security of patient data. Mystic Valley Elder Services denies all liability and wrongdoing.
While the lawsuit sought a jury trial; however, following mediation, all parties agreed to a settlement to avoid the cost, time, and uncertainty of a trial and related appeals. The settlement fund will be used to cover attorneys’ fees and expenses, settlement administration and notice costs, and service awards for the class representatives. The remainder of the settlement will be used to pay benefits to the class members.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
Class members may claim a pro rata cash payment, estimated to be approximately $75 per class member. A claim may also be submitted for reimbursement of documented, unreimbursed losses due to the data breach, up to a maximum of $5,000 per class member. The settlement also includes two years of credit monitoring and identity theft protection services. The final fairness hearing has been scheduled for February 17, 2026. Claims must be submitted by February 9, 2026.
