Tampa General Hospital Settles Data Breach Lawsuit for $6.8M
Tampa General Hospital has agreed to pay $6,800,000 to resolve a class action lawsuit related to a 2023 cyberattack that involved unauthorized access to systems containing the protected health information of more than 2 million patients.
The intrusion was detected on May 31, 2023, and the forensic investigation confirmed that hackers had access to its network for almost three weeks between May 12 and May 30, 2023. During that time the hackers exfiltrated files containing patient data such as names, dates of birth, contact information, Social Security numbers, health insurance information, and limited treatment information. The breach was initially thought to affect around 1.2 million patients but was later reported to the HHS’ Office for Civil Rights as affecting up to 1,313,636 patients. The breach report was then amended to state that up to 2,430,920 individuals had been affected.
Several class action lawsuits were filed and consolidated into a single action – DiPierro, et al. v. Florida Health Sciences Center Inc. d/b/a Tampa General Hospital – in the 13th Judicial Circuit Court for Hillsborough County, Florida. Tampa General Hospital was alleged to have been negligent by failing to implement reasonable and appropriate cybersecurity measures to prevent unauthorized access to patient data, and if those measures had been implemented, the data breach could have been prevented. Tampa General Hospital maintains there was no wrongdoing; however, agreed to a settlement to bring the litigation to an end to prevent further legal expenses and avoid the uncertainty of trial.
Under the terms of the settlement, a fund of $6.8 million will be created to cover attorneys’ fees, legal costs and expenses, claims for reimbursement of losses, and cash awards for class members. Individuals who received notification letters from Florida Health Sciences Center about the data breach may choose to submit claims to recover losses incurred as a result of the data breach or alternatively receive a cash payment.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
If the former benefits are chosen, class members may submit claims for reimbursement of documented ordinary losses up to $1,500, documented extraordinary losses up to $7,500, and up to four hours of lost time spent dealing with the data breach at a rate of $25 per hour. If the cash award is chosen, class members can choose to receive a flat payment of $125. These payments will be subject to pro rata adjustments depending on the number of claims received and the amount claimed. In addition to the above benefits, the settlement includes one year of free three-bureau credit monitoring services for all class members.
The settlement has received preliminary approval from the court and the deadline for objection to and exclusion from the settlement has passed. Claims must be submitted by January 12, 2025, and the final approval hearing has been scheduled for February 3, 2025. Further information is available on the settlement website https://floridahealthsettlement.com/
