Solara Medical Supplies $9.76 Million Data Breach Settlement Gets Preliminary Approval

A $9.76 million settlement proposed by Solara Medical Supplies to resolve a class action lawsuit related to a 2019 data breach has received preliminary approval from the court.

Solara Medical Supplies, which provides products and services to help people manage their diabetes, was the victim of a phishing attack that saw employees’ Microsoft Office 365 email accounts accessed by unauthorized individuals between April 2, 2019, and June 20, 2019.

The email accounts contained the protected health information of patients and sensitive employee information, including names, dates of birth, billing and claims information, health insurance information, medical information, financial account information and credit card numbers, Social Security numbers, driver’s license numbers, state ID numbers, and Medicare/Medicaid IDs. The breach was reported to the HHS’ Office for Civil Rights as affecting 114,007 individuals.

Legal action was taken on behalf of the individuals affected by the breach, with the class including all individuals residing in the United States and its territories who were notified in November 2019 that their information had been exposed. The plaintiffs alleged Solara Medical Supplies was negligent for failing to prevent the breach.

Solara Medical Supplies denies any wrongdoing and liability and believes there are meritorious defenses and legal challenges to the plaintiffs’ claims; however, agreed to settle the lawsuit to prevent further legal costs and to avoid the uncertainty of litigation.

Under the terms of the settlement, a fund of $5.06 million will be created to cover costs associated with the administration of the settlement, attorneys’ fees, and payments to class members. All individuals who submit a valid claim will be eligible to receive a cash payment of $100, which may be adjusted up or down depending on the number of individuals who submit a claim.

Solara Medical Supplies has committed to taking steps to improve security to prevent further data breaches, such as implementing systems for detecting suspicious activity, multifactor authentication, improvements to email filtering, and other security measures, which have been estimated to cost $4.7 million over the next 5 years.

The settlement has received preliminary approval from the court and a final hearing for the settlement has been scheduled for September 12, 2022. The deadline for submitting a claim is August 8, 2022, and the deadline for objecting to the settlement or requesting to be excluded from the settlement is August 22, 2022.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.