Class action settlement reached in data breach affecting 4.5 million

February 15, 2019
News & Insights

A settlement of up to $3.1 million has been reached in class action lawsuit involving one of the largest healthcare data breaches in history, the Nashville Post reports.

Community Health Systems (CHS) of Tennessee was the target of a cyberattack in 2014, when a Chinese criminal group breached its system using malware and stole the protected health information, including names, addresses, birth dates, and Social Security numbers, of approximately 4.5 million patients.

Former CHS patients allege in the lawsuit that after the breach was discovered, CHS made no effort to patch its software system. It is also alleged that CHS kept patient information on a test server, leaving it vulnerable to attacks. CHS denials all allegations of wrongdoing.

The settlement agreement, which is still pending approval by a judge, will offer two types of compensation for patients who were affected by the breach and who submit a valid claim. Each patient is entitled to up to $250 to cover identity theft protection services, and those who experienced identity theft or fraud as a result of the breach are entitled to up to $5,000. The total amount of claims paid will be capped at $3.1 million. Affected patients have until August 1 to submit claims.

Related Topics: 
HIM/HIPAA, HIPAA