The HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Bricker & Eckler Agrees to Settle Class Action Data Breach Lawsuit for $1.95M

Posted By on Sep 20, 2022

The Ohio law firm, Bricker & Eckler LLP, has agreed to settle a class action data breach lawsuit filed on behalf of individuals affected by a 2021 ransomware attack on the firm. Bricker & Eckler is a full-service law firm that serves many healthcare clients. The breach investigation confirmed that sensitive patient data was copied from its systems, including names, addresses, medical information, education-related information, driver’s license numbers, and Social Security numbers. The attackers had access to its systems from January 14 to January 31, 2021. Bricker & Eckler did not confirm if the ransom was paid but said the stolen data has been retrieved. The breach was reported to the HHS’ Office for Civil Rights in April 2021 as affecting 420,532 individuals and the law firm offered a 12-month complimentary membership to an identity theft protection and credit monitoring service.

A lawsuit was promptly filed on behalf of individuals affected by the attack that alleged the law firm was negligent as it had failed to implement reasonable safeguards to ensure the confidentiality of sensitive data and had not followed recognized security practices. The law firm did not admit any wrongdoing and does not accept liability for the data breach but chose to settle the lawsuit and has proposed a $1.95 million settlement.

Under the terms of the settlement, class members are entitled to submit a claim for reimbursement of losses that directly resulted from the data breach up to a maximum of $5,000. Claims can be submitted for fraudulent charges to accounts, the cost of arranging credit monitoring services, other reasonable expenses, up to 4 hours of undocumented lost time at $20 per hour, plus up to 8 hours of documented lost time at $20 per hour.

Individuals who wish to object to the settlement or remove themselves from the class must do so by November 7, 2022. Class members must submit claims no later than December 21, 2022. The final approval hearing for the settlement is scheduled for November 17, 2022.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist