25% off all training courses Offer ends May 29, 2026
View HIPAA Courses
Learner Login Learner Support
Learner Login Learner Support
25% off all training courses
View HIPAA Courses
Offer ends May 29, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

U.S. Fertility Proposes $5.75 Million Settlement to Resolve Class Action Data Breach Lawsuit

Posted By on Feb 7, 2024

US Fertility LLC, the operator of more than 100 fertility clinics across the United States, has proposed a $5.75 million settlement to resolve a class action lawsuit that was filed in response to a data breach that exposed the data of around 900,000 patients.

U.S. Fertility announced in November 2020 that hackers had gained access to its network and installed malware (ransomware) that rendered certain systems inaccessible. The breach was detected on September 14, 2020; however, the hackers first gained access to the network on August 12, 2020. Before encrypting files, the hackers exfiltrated sensitive patient data including names, addresses, dates of birth, MPI numbers, Social Security numbers, medical information, and financial information.

A class action lawsuit was filed that alleged U.S. Fertility was negligent by failing to implement reasonable and appropriate cybersecurity measures to protect highly sensitive patient data from unauthorized access. Had those measures been implemented, the breach could have been prevented or its severity would have been severely reduced. U.S. Fertility maintains there was no wrongdoing but decided to settle the lawsuit.

Under the settlement terms, all class members are entitled to a $50 cash payment. Class members whose data was stolen from a California clinic will be entitled to claim an additional cash payment of $200. Claims may also be submitted for up to 4 hours of lost time at $25 per hour, and unreimbursed out-of-pocket losses can be claimed and will be paid up to a maximum of $15,000 per claimant. Claims for reimbursement of losses must be supported by receipts, account statements, IRS documents, police reports, FTC reports, professional invoices, and other documentation. The cash payments may be reduced and paid pro-rata depending on the number of claims submitted.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

Individuals who wish to object to the settlement or exclude themselves have until February 20, 2024, to do so. All claims must be submitted by March 19, 2024. The final settlement hearing has been scheduled for April 18, 2024.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist