Wright & Filippis Proposes $2.9 Million Class Action Data Breach Settlement
Wright & Filippis, a Michigan-based provider of prosthetics, orthopedics, and accessibility solutions, has proposed a $2.9 million settlement to resolve claims it failed to protect the personal information of 877,584 individuals.
In January 2022, Wright & Filippis fell victim to a ransomware attack. Its security software detected the attack but was unable to prevent file encryption. The forensic investigation confirmed the attackers had access to parts of its network containing the protected health information of more than 877,500 individuals, including names, dates of birth, Social Security numbers, financial account numbers, and health insurance information.
Wright & Filippis discovered on or around May 2, 2023, that protected health information had been exposed, and issued notifications to the affected individuals. In the days and weeks following notification, 8 putative class action lawsuits were filed, which were later consolidated into a single lawsuit – In Re Wright & Filippis, LLC Data Security Breach Litigation – that was heard in the U.S. District Court for the Eastern District of Michigan, Southern Division.
The plaintiffs alleged that Wright & Filippis was negligent due to the failure to implement reasonable and appropriate security measures to protect patients’ sensitive data, and then unnecessarily delayed issuing breach notifications. Wright & Filippis denied the allegations. The plaintiffs alleged they had suffered an injury as a result of Wright & Filippis’s negligent acts, including theft of their information, identity theft, imminent injury from fraud, damages from delayed notifications, out-of-pocket expenses, lost time mitigating the effects of the data breach, and increased costs related to reductions in their credit scores, including higher costs for borrowing and insurance.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
Legal counsel for the defendant sought to have the case dismissed, and following the response of the plaintiffs, all parties agreed to mediate the case to see if an early resolution could be reached. A $2.9 million settlement was negotiated to cover administrative expenses, notice, costs, and fee and service awards. Under the terms of the settlement, class members can submit a claim for up to $5,000 to cover documented losses and a claim for credit monitoring services. Alternatively, class members can choose to receive a cash payment. The cash payment will come from whatever is left of the settlement fund after class benefits, settlement administration fees, attorneys’ fees and costs, and service awards have been paid. Lead plaintiffs will receive a service award of $1,500.
The settlement is awaiting preliminary approval from the court and a date for a final fairness hearing has been requested. The plaintiffs were represented by attorneys from the Miller Law Firm, Migliaccio & Rathod LLP, Shub & Johns LLC, Milberg Coleman Bryson Phillips Grossman PLLC, Sommers Schwartz, PC, Lynch Carpenter LLP, Adam Taub Assoc. Consumer Law Group, Mason LLP, Aronowitz Law Firm PLLC, Wilshire Law Firm PLC, Zimmerman Reed LLP, and The Johnson Firm.