Two healthcare companies located in Massachusetts have opted to resolve their class action lawsuits that patients filed because of the theft of protected health information (PHI) in cyberattacks.
Sturdy Memorial Hospital
Sturdy Memorial Hospital based in Attleboro, MA, has decided to resolve a lawsuit submitted because of a ransomware attack in September 2021. The attackers acquired access to the information of around 60,000 individuals. The compromised information may include names, Social Security numbers, addresses, birth dates, financial data, and medical data. The attackers extracted patient information and threatened to publish the data to the public. The hospital opted to give the ransom payment.
The Shedd, et al. v. Sturdy Memorial Hospital Inc lawsuit claimed the hospital managed patient records recklessly since the data was saved on a system at risk of cyberattacks and the information wasn’t encrypted. It was further alleged that the hospital failed to adhere to Federal Trade Commission rules and broke Massachusetts regulations by issuing notification letters to patients late by about 4 months.
Sturdy Memorial Hospital did not admit any wrongdoing and decided to resolve the lawsuit to prevent continuing legal expenses. As per the conditions of the settlement, class members may file claims as much as $375 for ordinary losses, which include out-of-pocket costs and around three hours of lost time for $20 an hour. Claims may likewise be filed for recorded extraordinary losses sustained from February 9 to February 14, 2021, as much as $5,000. The settlement likewise provides class members with complimentary credit monitoring services.
Class members can make a decision until January 14, 2023, whether to not include themselves in or disapprove of the negotiation. Claims should be filed by February 14, 2023. There will be a fairness hearing on February 16. 2023.
North Shore Pain Management
North Shore Pain Management manages pain management centers in the areas of Beverley and Woburn, MA. Its vendor, Revolve I.T. Inc is settling a class action lawsuit associated with a ransomware attack in April 2020.
The attackers acquired access to its system and extracted patient information before encrypting files. The AKO ransomware group professed to having stolen 4GB of information and leaking that data in case the ransom was not paid. The stolen information contained patient names, birth dates, medical insurance data, account balances, financial details, diagnosis, and treatment data. For several patients, the Social Security numbers and/or MRI and ultrasound images were also stolen. There were 12,472 present and past patients impacted.
North Shore Pain Management and Revolve I.T. state that they had enforced sufficient defenses to secure against cyberattacks and did not admit to any wrongdoing. The provider opted to deal with the lawsuit to steer clear of additional legal expenses and the uncertainty of trial.
According to the conditions of the settlement, the hospital will create a fund worth $200,000 to pay for claims filed by class members for monetary losses and lost time associated with the data breach. Every class member could file a claim as much as $150 for regular economic losses and lost time and claims as much as $1,500 maximum are allowed for remarkable losses. The settlement also requires 3 years of credit monitoring services or a $25 payment instead of the credit monitoring services and compensation for monetary losses. Claims are going to be compensated pro rata in case the total claims are greater than $200,000.
Class members can decide until December 14, 2022 whether to not include themselves in or disapprove of the settlement. Claims have to be filed by January 13, 2023. There is a fairness hearing on January 10, 2023.