The Methodist Hospitals Inc. has settled a class action lawsuit for $425,000. The settlement is the result of a major data breach affecting more than 68,000 individuals. The organization has agreed to establish a fund to compensate claims from victims of the data breach.
In June 2019, the organization revealed that an unauthorized third party had obtained access to an employee’s email account after observing unusual behavior in the account. The HHS’ OCR launched a thorough forensic investigation after learning of the email’s existence to identify how the email had been accessed, what it had been used for, and whether patient data had been obtained. The investigation concluded that two employee email accounts had been accessed by hackers between March 13, 2019 and July 8, 2019 after the employees had responded to phishing emails. The potential information accessed by the cybercriminals includes information regarding name, address, date of birth, Social Security numbers, Medicare/Medicaid numbers, usernames, passwords, driver’s license numbers, treatment and diagnosis information, and payments card information.
After learning of the mismanagement of data, a class action lawsuit was brought to the Harris County District Court in Texas by plaintiffs James Jones and others. The plaintiffs claimed that the Methodist Hospitals Inc. were negligent in protecting their sensitive information and contend that they have suffered harm as a result. Despite the Methodist Hospitals’ denial of any wrongdoing and the fact that the OCR investigation was concluded without any further action, the decision was made to settle the complaint in order to save money on additional legal fees and the uncertainty of going to trial.
The company will also provide free identity theft resolution services and credit monitoring for two years to those who are affected. The Method Hospital Inc. is revising its rules and practices and adding additional security measures to increase protection against future phishing attacks. It is advised that all impacted parties keep an eye on their account statements for any unusual behavior.