A New Mexico federal judge has approved Rehoboth McKinley Christian Health Care Services’ proposed settlement to take care of claims associated with a February 2021 cyberattack. The settlement will pay affected individuals up to a maximum of $4,000 per person for out-of-pocket expenses sustained and lost time in response to the data breach.
Rehoboth McKinley Christian Health Care Services manages a 60-bed acute care hospital and outpatient clinics and offers home health care services in Arizona and New Mexico. The provider detected a security breach in February 2021. The investigation confirmed that unauthorized persons got access to its system from January 21 to February 5, 2021. The attackers accessed the protected health information (PHI) of around 191,000 patients, which include names, contact details, Social Security numbers, health data, and medical insurance data. Patients received notification concerning the data breach last May 2021.
The Charlie et al. versus Rehoboth McKinley Christian Health Care Services lawsuit was submitted on behalf of Leona Garcia Lacey, Alicia Charlie, Darrell Tsosie, and a small child, which has a representing guardian Gary Hicks. Allegedly, Rehoboth McKinley Christian Health Care Services was unable to apply proper safety measures to avert unauthorized access to their PHI and furthermore unnecessarily delayed sending notifications to impacted patients.
The lawsuit claimed Rehoboth McKinley Christian Health Care Services did not follow the New Mexico and Arizona consumer protection laws, and had claims of negligence, breach of implied contract, breach of fiduciary duty, and intrusion upon seclusion. However, the judge rejected the claims for breach of implied contract, intrusion upon seclusion, and the violation of the Arizona Consumer Fraud Act. Rehoboth McKinley Christian Health Care Services had contended that there was no actionable obligation to safeguard the plaintiffs’ information, however, U.S. District Court Judge Steven C. Yarbrough decided that Rehoboth McKinley Christian Health Care Services had a duty of ordinary care to the plaintiffs with regards to the retention of their private data and didn’t show that lost time recovery in relation to the breach wasn’t allowed under state legislation.
As per the conditions of the settlement, the 191,009 people in the class may file claims for as much as $500 to compensate for standard out-of-pocket expenditures, which may include around 4 hours of lost time valued at $15 hourly. Standard expenditures include bank charges, long-distance telephone charges, cell phone and data costs, postage, fuel for local travel, credit report charges, and credit monitoring and identity theft insurance services. Claims could likewise be filed for documented outstanding out-of-pocket expenditures as much as $3,500. Unlike a lot of settlements which are compensated pro rata according to the number of claims, this arrangement will pay the entire $4,000 for all class members. Class members will likewise be given 2 years of free credit monitoring services. Rehoboth McKinley Christian Health Care Services has additionally consented to improve data protection. A final fairness hearing will be on May 24, 2022.