Practice Resources Agrees to $1.5 Million Data Breach Settlement
The New York-based management service organization, Practice Resources LLC, has agreed to pay $1.5 million to resolve a class action lawsuit that was filed in response to a 2022 hacking incident that affected more than 942,000 individuals.
Syracuse, NY-based Practice Resources provides billing and other professional services to healthcare organizations. On April 12, 2022, the company experienced a ransomware attack that involved unauthorized access to sensitive information such as names, addresses, dates of treatment, health plan numbers, Medicare/Medicaid numbers, and medical record numbers. The data breach affected patients of at least 28 of its healthcare clients, and the incident was reported to the HHS’ Office for Civil Rights as affecting 942,138 individuals.
Several lawsuits were filed in response to the data breach, which were consolidated in the U.S. District Court for the Northern District of New York – In re Practice Resources LLC Data Security Breach Litigation. The plaintiffs alleged that their data was compromised in the cyberattack, and data theft could have been prevented if Practice Resources had implemented reasonable and appropriate cybersecurity measures and followed industry best practices. The lack of those measures amounted to negligence, according to the plaintiffs.
Practice Resources maintains there was no wrongdoing and denies all allegations and contentions, maintaining there was no evidence that any data was actually stolen in the attack; however, the decision was taken to settle the litigation. Practice Resources has agreed to establish a $1.5 million settlement fund to cover attorneys’ fees, service awards, legal costs and expenses, and class members’ claims. Attorneys’ fees will be one-third of the settlement fund, litigation costs and expenses total $19,253.46, and each named plaintiff is eligible to receive a service award of $2,500. The class consists of individuals who were sent a notification letter about the data breach on August 23, 2022.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
Class members may submit a claim for reimbursement of documented losses up to a maximum of $5,000 per class member. Class members may also choose to receive up to three years of complimentary credit monitoring and identity theft protection services or a cash fund payment. The cash payments will be paid pro rata after all costs, expenses, and claims have been paid. Practice Resources has also implemented a range of measures to enhance security and prevent similar security incidents in the future. The settlement has received preliminary approval from the court, and the final fairness hearing has been scheduled for June 11, 2025.
