21st Century Oncology’s Proposed Data Breach Settlement Gains Initial Approval

by | Feb 17, 2021 | Compliance News

The court has granted preliminary approval of a settlement offered by 21st Century Oncology to solve a November 2020 class-action legal action. The class-action lawsuit was registered in District Court for the Middle District of Florida in support of affected individuals of a 2015 cyberattack that essentially impacted 2.2 million persons.

The Federal Bureau of Investigation notified 21st Century Oncology regarding a breach of its computer network on November 13, 2015. An unauthorized individual had obtained access to its system and could have viewed or acquired access to one of its databases on October 3, 2015. The database included patients’ names, diagnoses, treatment details, insurance data, and Social Security numbers. Notifications to affected people were overdue at the request of the FBI so as not to obstruct the investigation. Patients impacted by the breach began receiving notification letters in March 2016.

The Department of Health and Human Services’ Office for Civil Rights started a breach investigation and uncovered probable HIPAA violations. 21st Century Oncology resolved the case in December 2017 without any admission of liability and consented to pay a $2.3 million fine.

The class-action lawsuit desired breach victims to be paid for sustaining losses because of the incident, which include a refund of out-of-pocket expenditures, time spent seeking to fix things, and losses suffered due to identity theft and fraud.

With the provisions of the offered settlement, all breach victims will be eligible to claim credit monitoring and identity theft protection services via Total Identity for 2 years, which could be deferred for around two years.

Additionally, the 21st Century Oncology negotiation will see breach victims refunded for standard time expended correcting troubles somewhat traceable to the data breach, which is dependent on two hours at $20 each hour to as much as $40. Additionally, a claim may be made for reported time spent, to as much as 13 hours at $20 every hour to around $260.

Any person who will be able to give evidence of out-of-pocket costs sustained because of the breach or reported fraud may be allowed to file a claim as much as $10,000.

All persons advised concerning the breach in or about March 2016 are protected by the settlement and could file a claim. The due date for making claims is May 10, 2021. Any class member who wants to disapprove or exclude themselves from the arbitration has till March 9, 2021 to achieve this.

Though the court has issued initial acceptance of the settlement deal, finalized approval is not yet given. A fairness hearing is timetabled for June 15, 2021.

3 Steps To HIPAA Compliance

Step 1 : Download Checklist.

Step 2 : Review Your Business

Step 3 : Get Compliant!

Our HIPAA compliance checklist will outline everything your organization needs to become fully HIPAA compliant. Fill in the form below to download it now.

View our privacy policy