Retina Group of Washington Agrees to $3.6 Million Settlement to Resolve Data Breach Lawsuit
A settlement has been agreed to resolve a class action lawsuit against Retina Group of Washington over a March 2023 data breach that involved unauthorized access to the protected health information of 455,935 individuals. Under the terms of the settlement, a $3.6 million fund will be created to cover claims, attorneys’ fees, and legal costs and expenses.
On December 22, 2023, Retina Group of Washington, a healthcare provider with eye care clinics in Maryland and Virginia, issued notifications about a ransomware attack on March 26, 2023. The hackers encrypted files and stole data such as names, addresses, telephone numbers, email addresses, dates of birth, demographic information, Social Security numbers, driver’s license numbers, medical record numbers, health information, payment information, and health insurance information.
Seven lawsuits were filed in response to the data breach, which were consolidated into a single lawsuit – In re: Retina Group of Washington Data Security Incident Litigation – in the United States District Court for the District of Maryland. The plaintiffs asserted several claims, including negligence for failing to implement reasonable and appropriate safeguards to protect sensitive data against unauthorized access and for not following industry-standard cybersecurity best practices. Retina Group of Washington maintains there was no wrongdoing but agreed to a settlement to avoid further litigation costs and the risks and uncertainties of trial. Under the terms of the settlement, class members may submit claims for reimbursement of unreimbursed losses incurred as a result of the data breach.
Class members may submit a claim for reimbursement of losses and credit monitoring services, or may alternatively claim a cash payment. The cash payment is anticipated to be around $100 and will be paid pro rata. The cash payment may be higher or lower depending on the number of valid claims received. Class members wishing to submit a claim for reimbursement of losses may claim up to $300 for documented unreimbursed ordinary losses, including up to 4 hours of lost time at $25 per hour. Claims may also be submitted to recover extraordinary losses, such as losses due to identity theft and fraud, up to a maximum of $5,000 per class member. Individuals who submit a valid claim for reimbursement of ordinary and/or extraordinary losses may also claim 3 years of three-bureau credit monitoring services.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
The settlement has received preliminary approval from the court, and the final fairness hearing has been scheduled for June 9, 2025. The deadline for exclusion from the settlement and objection to the settlement is May 27, 2025, and the deadline for submitting claims is June 23, 2025. The plaintiffs are represented by Ben Barrow of Barnow and Associates PC, Gary M. Klinger of Millberg Coleman Bryson Phillips Grossman PLLC, and Tyler J. Bean of Siri & Glimstad LLP.
