Dental Care Alliance Pays $3 Million to Resolve Class Action Data Breach Lawsuit

Dental Care Alliance made a decision to negotiate a class action lawsuit filed because of a data breach that affected over 1.7 million persons. A $3 million fund was set aside to cover claims from people impacted by the breach.

Dental Care Alliance, LLC is a dental support company located in Sarasota, FL having over 320 affiliated dental practices in 20 states. Dental Care Alliance stated its systems had been breached on September 18, 2020. The company discovered the breach on October 11, 2020, which was controlled on October 13, 2020. The forensic investigation affirmed the likely exposure of names, addresses, dentists’ names, patient account numbers, diagnoses, treatment data, billing details, payment card details, and medical insurance data. Affected individuals received notification letters concerning the incident in December 2020.

The breach report sent to the HHS’ Office for Civil Rights at the beginning reflected that 1,004,304 persons were affected, nevertheless, it was later changed to 1,723,375 people. Dental Care Alliance mentioned there was no specified proof of data theft discovered and it did not know of any misuse of patient records. Even with the involvement of highly sensitive data, the organization didn’t provide credit monitoring services.

A legal action – Paras v. Dental Care Alliance, LLC, Case No. 22-ev-000181 – was submitted to the State Court of Fulton County, Georgia, on behalf of the persons impacted by the data breach. Purportedly, Dental Care Alliance was unable to sufficiently protect patient data and the plaintiffs stated that if good cybersecurity steps had been enforced, the security breach would have been avoided. The plaintiffs claimed that they experience a heightened risk of identity theft and fraud as a result of the negligence of Dental Care Alliance and that their sensitive personal data and protected health information (PHI) are actually in the control of data thieves.

Dental Care Alliance has offered an arrangement to take care of claims associated with the information breach yet has not confessed to any wrongdoing. As per the conditions of the settlement, a $3 million funding will be reserved to pay for claims from affected people, and 2 years of identity theft protection services are being given to all impacted persons. Those services comprise dark web tracking and payment by a $1 million identity theft insurance plan.

All class members can submit claims of approximately $2,000 for recorded losses because of the data breach, and up to two hours of lost time @ $20 per hour. Persons involved with a settlement subclass may file extra claims for as much as $3,000 for documented losses and an extra 2 hours of lost time. The max for claims is $3,000,000. Claims are going to be paid pro rata whenever it’s more than that figure. The lawyers for the plaintiffs will talk to the court to receive fees of $850,000 and $1,500 fees for the class representatives. With the stipulations of the settlement, Dental Care Alliance has decided to employ more data security steps.

The appointed hearing for the final acceptance of the proposal is on Sept. 1, 2022. The July 26, 2022 due date for backing out of the negotiation has already passed. Claims have to be filed on or before August 25, 2022.

Elizabeth Hernandez

Elizabeth Hernandez is the editor of HIPAA News section of HIPAA Coach and an experienced journalist in the healthcare sector. She specializes in healthcare and HIPAA compliance, making her a go-to source for information on healthcare regulations. Her work focuses on the importance of patient privacy and secure information handling. Elizabeth also has a postgraduate degree in journalism. Follow on Twitter: You can follow Elizabeth on twitter at https://twitter.com/ElizabethHzone