The HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Health Aid of Ohio Settles Class Action Data Breach Lawsuit

Posted By on Jul 11, 2022

Health Aid of Ohio has agreed to settle a class action lawsuit to resolve claims that it failed to protect the sensitive personal information of its customers.

Health Aid of Ohio is a Parma, OH-based full-service home medical equipment provider. On February 19, 2021, Health Aid discovered hackers had gained access to its network and viewed and removed files containing sensitive customer information. The files contained information such as name, telephone number, Social Security number, date of birth, medical diagnosis, insurance information, and the type of equipment that was delivered or repaired. Notifications were issued to affected customers in May 2021. The data breach affected 141,149 individuals.

A lawsuit was filed on behalf of affected individuals, which alleged Health Aid had failed to implement reasonable cybersecurity measures to ensure the confidentiality of customer data. The lawsuit alleged negligence, unjust enrichment, invasion of privacy, and other claims.

Health Aid admitted no wrongdoing but decided to settle the lawsuit to resolve all claims related to the data breach. Under the terms of the settlement, any individual affected who had their Social Security number exposed is entitled to a cash payment of up to $250 and can submit a claim for out-of-pocket expenses, including credit monitoring costs, and up to four hours of lost time at $15 per hour. Documentation must be submitted to support any claim. Any individual who can provide documentation that proves they were a victim of fraud can submit a claim of up to $2,500. Claims must be submitted by August 22, 2022, and the deadline for exclusion or objection is July 22, 2022.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

Regardless of the types of information exposed in the data breach, all class members are entitled to a 12-month complimentary membership to credit monitoring and identity theft restoration service. Health Aid has also agreed to implement a range of additional safeguards to better protect customer information in the future and will undergo annual security risk assessments in 2022 and 2023 to determine whether further security enhancements can be made.

The final approval hearing for the settlement has been scheduled for Sept. 20, 2022.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist