The Urology Center of Colorado has decided to resolve a class action lawsuit associated with a 137,820-record data breach that happened in September 2021. Last November 5, 2021, the company dispatched notification letters to its patients informing them about the potential compromise of some of their protected health information (PHI) two months earlier, from September 7 to September 8, 2022.
Unauthorized people gained access to its system and likely extracted files that contain patient data including names, birth dates, addresses, Social Security numbers, health record numbers, diagnoses, doctor names, insurance provider companies, names of guarantors, and treatment cost data. Impacted persons were provided free 12-months credit monitoring and identity theft protection services.
Legal action was submitted on behalf of plaintiffs Diona Lopez and Kristen Snyder as well as other persons impacted in the same way
by the security breach. The plaintiffs claimed the Urology Center of Colorado was at fault for not implementing required safety measures to protect the privacy of patient data, which include the inability to encrypt patient information, use patches quickly to mitigate identified vulnerabilities, evaluate and update account privileges of users, update firewalls, give proper training to people on the processes for dealing with inbound email messages, and be sure proper security procedures were implemented. The legal action additionally claimed a violation of Colorado’s data security regulations, a breach of implied contract, and a breach of fiduciary duty. Due to the negligence, the plaintiffs assert they are dealing with a huge, increased risk of fraud and identity theft.
The Urology Center of Colorado did any admit to any wrongdoing and does not accept liability for the information breach however decided to negotiate legal action to avoid the uncertainty of trial and continuing legal expenses. Based on the conditions of the settlement, the Urology Center of Colorado has consented to give payment for recorded out-of-pocket expenses and lost time. Those who file a claim are going to be entitled to get as much as $500 for recorded losses, which include as much as 5 hours of lost time. Claims of around $2,500 could be filed for extraordinary losses, and those who were California locals during the data breach are eligible to get $50 more in payments.
People that registered for the identity theft protection and credit monitoring services made available by the Urology Center of Colorado can claim two more years of membership. People who didn’t initially register for the services will get a two-year membership to those services.
Class action data breach settlements usually consist of a commitment to put into action more security procedures, though this negotiation has no such promises. The Urology Center of Colorado mentioned in its November breach notification letters that extra measures were being thought of to enhance security.
People who would like to refuse to or leave themselves out of the settlement have up to October 10, 2022, to take action. Claims should be filed by November 7, 2022. The schedule for the final fairness hearing is on October 26, 2022.