LifeBridge Health Inc. has decided to negotiate a class action lawsuit to settle claims of patients impacted by a data breach it discovered in 2018. The full value of the settlement deal is $9.475 million, including $800,000 in funding to pay for claims of class members.
In March 2018, LifeBridge Health found a malware infection that allowed unauthorized persons to get access to a server hosting its patient registration, electronic health records, and billing systems. Based on the breach investigation, the preliminary attack happened 18 months earlier in September 2016. LifeBridge Health exposed the breach in May 2018, and the healthcare company confirmed the potential compromise of 582,174 patients’ data. The compromised data included names, birth dates, addresses, diagnoses, prescribed medicines, clinical and treatment data, insurance information, and several Social Security numbers.
The law company Murphy, Falcon & Murphy, filed the legal action – Johnson, et al. v. LifeBridge Health, Inc. in the Circuit Court for Baltimore City, MD, on behalf of patients impacted by the occurrence. The two patients referred to in the lawsuit, Darlene Johnson and Jahima Scott, stated that their identities may have been compromised because of the breach, as the two claimed they were affected by credit card fraud soon after the occurrence of the data breach.
The lawsuit claimed class members were exposed to considerable harm and that their personal data and PHI were in the possession of identity thieves, placing them at an instant and continuing risk of identity theft and fraud. The plaintiffs claimed to have encountered monetary deficits, had financial transactions rejected, encountered problems with their email accounts, bogus accounts were generated under their names, and their identities were employed to submit fake claims for unemployment gains and COVID-19 catastrophe small business funding.
The lawsuit claimed LifeBridge Health was at fault for failing to stick to fundamental security procedures, which violated a number of privacy protection regulations in Maryland, which includes the Maryland Personal Data Protection Act, Maryland Social Security Number Privacy Act, and Maryland Consumer Protection Act.
LifeBridge Health didn’t acknowledge any wrongdoing and didn’t take responsibility for the attack, however, it opted to resolve the lawsuit to keep additional legal expenses minimal and the uncertainness of a court trial. Based on the conditions of the negotiation, LifeBridge Health has consented to produce $800,000 in funding to take care of claims from class members and will spend $7.9 million in extra security measures to avoid other data breaches, such as data encryption, network tracking, security awareness program, resource tracking, and multi-factor authentication. The remaining $775,000 of the overall settlement amount is going to take care of the legal expenses.
Class members are eligible to file claims for compensation of ordinary and incredible deficits, which include around 3 hours of lost time and $20 per hour, and an additional 2 hours if they experienced remarkable losses. Claims for regular losses of around $250 for every class member may be filed to pay for bank charges, credit tracking, credit freeze, communication, and other expenses, and a declaration may be filed for remarkable losses as much as $5,000.
A final approval hearing is set for October 26, 2022. Claims should be published by February 1, 2023.