Tennessee Orthopaedic Clinics Settles Class Action Data Breach Lawsuit
Knoxville, TN-based Tennessee Orthopaedic Clinics has agreed to settle a class action lawsuit that was filed in response to a March 2023 cyberattack and data breach that affected 46,679 individuals. The information exposed included names, contact information, dates of birth, diagnosis and treatment information, provider names, dates of service, cost of services, prescription information, and/or health insurance information.
The affected individuals were notified about the breach in early May, and a class action lawsuit was rapidly filed that claimed Tennessee Orthopaedic Clinics was negligent by failing to implement reasonable and appropriate cybersecurity measures. According to the lawsuit, the data breach could have been prevented if those measures had been implemented. Tennessee Orthopaedic Clinics chose to settle the lawsuit with no admission of wrongdoing to avoid further legal costs and the uncertainty of trial. Under the terms of the settlement, individuals who were notified about the data breach may submit claims for ordinary expenses such as communication charges, credit expenses, bank fees, and lost time (max 3 hours at $20 per hour) up to a maximum of $1,500.
Claims of up to $4,000 may also be submitted for documented extraordinary expenses such as losses due to fraud or identity theft between March 20, 2023, and April 8, 2024, provided the claimant made reasonable efforts to avoid those losses and those losses have not already been reimbursed. All class members are also entitled to two years of single bureau credit monitoring and identity theft protection services. The deadline for exclusion or objection to the settlement has passed, and the final approval hearing was scheduled for March 14, 2024. Class members wishing to submit claims must do so by April 8, 2024.
