Judge Approves $1.5 Million One Brooklyn Health Data Breach Settlement
The Supreme Court of New York has granted preliminary approval of a $1.5 million settlement to resolve a class action lawsuit filed against One Brooklyn Health over a November 2022 cyberattack that resulted in the theft of sensitive patient data. Multiple lawsuits were filed over the data breach which were combined into a single action on December 15, 2023, as the lawsuits made similar claims and were based on the same facts. Benjamin F. Johns of Shub & Johns LLC and Ben Barrow of Barnow and Associates, P.C. were appointed class counsel.
After engaging in lengthy discussions and months of arms-length negotiations, a tentative settlement was agreed by all parties. The plaintiffs filed a motion for preliminary approval of a $1.5 million settlement on September 5, 2024, attorneys attended a hearing on the motion on October 23, 2024, and on November 8, 2024, Judge Carolyn E. Wade granted that motion, giving her preliminary approval of the settlement.
A final approval hearing has been scheduled for February 26, 2025. Claims may be submitted until March 10, 2025, the deadline for objecting to excluding yourself from the settlement is January 26, 2025. Further information is available on the settlement site https://obhsettlement.com/
May 1, 2023: One Brooklyn Health Sued Over 235K-Record Data Breach
One Brooklyn Health, a New York City-based network of three acute care hospitals – Brookdale Hospital Medical Center, Interfaith Medical Center, and Kingsbrook Jewish Medical Center – is facing a class action lawsuit over a data breach discovered in November 2022.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
On November 19, 2022, One Brooklyn Health identified suspicious activity within its computer network. The network was immediately secured, and the forensic investigation confirmed that an unauthorized third party had intermittently accessed its network between July 9, 2022, and November 19, 2022. The document review took until March 21, 2023, and HIPAA notification letters were sent on April 20, 2023. The information exposed and potentially stolen in the attack included names, dates of birth, billing and claims data, treatment details, medical record numbers, prescriptions, health insurance information, and Social Security numbers. More than 235,000 patients were affected.
On April 26, 2023, a lawsuit was filed in the Supreme Court of the State of New York, County of Kings, on behalf of plaintiff Kiya Johnson and similarly situated individuals by the law firms Wittels McInturff Palikovic and Shub & Johns LLC. The lawsuit alleges One Brooklyn Health knew that it stored sensitive patient information and that it was a target for cybercriminals and that it was obligated under the Health Insurance Portability and Accountability Act to protect that data yet failed to implement reasonable and appropriate security measures thus allowing unauthorized individuals to access its network and steal patient data.
The lawsuit alleges the plaintiff and class members have had to spend considerable time and money protecting themselves against misuse of their protected health information and that they have and will continue to suffer harm and have been placed at an imminent, immediate, and continuing risk of identity theft and fraud. The lawsuit states 8 causes of action: negligence (plaintiff and class), negligence per se, breach of fiduciary duty, breach of confidence, intrusion upon seclusion/invasion of privacy, breach of implied contract, unjust enrichment, and violations of New York General Business Law.
The lawsuit seeks class action status, a jury trial, damages, restitution, and injunctive relief, with the latter including improvements to data security practices.
