SuperCare Proposes $2.25 Million Settlement to Resolve Data Breach Lawsuit
The Californian home care service provider, SuperCare, has proposed a $2.25 million settlement to resolve a class action lawsuit filed in response to a 2021 hacking incident in which the protected health information of 318,379 patients was compromised.
SuperCare detected a network intrusion on July 27, 2021, and the subsequent forensic investigation determined hackers had access to its network from July 23, 2021, to July 27, 2021; however, it took until February 4, 2022, to determine that patient information had been compromised. Files on the compromised parts of the network contained names, addresses, dates of birth, hospital or medical group, patient account numbers, medical record numbers, health insurance information, test results, diagnoses, treatment information, other health-related information, and claims information, and, for some individuals, Social Security numbers and driver’s license numbers. Affected individuals were notified on March 25, 2022, 8 months after the breach was detected.
A lawsuit was filed against SuperCare shortly after the data breach was announced that accused SuperCare of violations of California’s Confidentiality of Medical Information Act, the Federal Trade Commission (FTC) Act, and the Health Insurance Portability and Accountability Act (HIPAA) due to the failure to implement reasonable and appropriate cybersecurity measures to protect against a known risk of cyberattacks and data breaches, and the failure to issue timely notifications about the data breach. Further, when notifications were finally sent, the content of those notifications was lacking key information about the data breach, and no explanation was provided as to why it took so long for the notifications to be issued. The lawsuit also claimed affected individuals were not provided with adequate credit monitoring services or other remedies to reduce the risk of misuse of their sensitive data.
Under the terms of the proposed settlement, two tiers of benefits are being offered. Claims can be submitted for tier 1 benefits which include a cash payment of $100. The second tier allows claims up to a maximum of $2,500 to cover out-of-pocket expenses incurred as a result of the data breach, along with up to 4 hours of lost time at $25 per hour. All class members are entitled to claim one year of three-bureau credit monitoring services, which includes a $1 million identity theft insurance policy.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
The deadline for exclusion from or objection to the settlement is June 5, 2023. Claims must be submitted by July 5, 2023, and the final approval hearing for the settlement has been scheduled for August 28, 2023.
