CaptureRx Proposes $4.75 Million Settlement to End Data Breach Litigation
CaptureRx has proposed a $4.75 million settlement to resolve claims related to a 2021 data breach that affected approximately 2.4 million patients of its healthcare provider clients.
CaptureRx is a healthcare administrative service provider that helps hospitals manage their 340B drug discount programs. On February 6, 2021, CapturRx discovered unauthorized individuals had gained access to its network and used ransomware to encrypt its files. On March 19, 2021, CaptureRx determined files containing patient data had been compromised, and affected clients started to be notified on March 30, 2021. CaptureRx publicly announced the data breach but did not initially disclose how many individuals had been affected. The breach was reported to the HHS’ Office for Civil Rights in May 2021 by CaptureRx as affecting 1,656,569 individuals, although several of its healthcare provider clients reported the breach themselves.
Several class action lawsuits were proposed that alleged CaptureRX was negligent for failing to implement and maintain appropriate safeguards to protect patient data and other claims. CaptureRx took the decision to propose a settlement to resolve all claims associated with the data breach to avoid further legal costs. Christopher Hotchkiss, CEO of NEC Networks, CaptureRx’s parent company, said CaptureRx is facing multiple claims for indemnity from its customers, which has placed a considerable financial strain on the company. Hotchkiss said CaptureRx is not a large national or multinational company and has limited resources. The settlement was proposed to end the litigation to avoid further legal costs. Hotchkiss said if the settlement is not finalized, CaptureRx may be forced into filing for bankruptcy. “By settling now, the settlement class can take advantage of remedies that would be unavailable or worth substantially less by the time of a litigated final judgment,” said legal counsel for CaptureRx in the court filing.
The proposed settlement will see a $4.75 million fund created to cover legal costs and claims from plaintiffs and class members. Lawyers for the plaintiffs will receive around a third of the settlement, plaintiffs will receive around $2,000 each, and the remainder of the fund will cover claims from class members. CaptureRx’s insurer will be covering around half of the settlement, with CaptureRx paying the remainder. Plaintiffs will be entitled to submit claims of up to $25, regardless of whether they experienced identity theft, with claims of up to $75 possible for California residents. Under the terms of the settlement, CaptureRx is required to develop, implement, and maintain a comprehensive information security program, if such a program has not already been implemented.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
CaptureRx will now seek preliminary approval for the settlement from the courts and the plaintiffs will have the opportunity to reject the settlement; however, lawyers for the plaintiffs believe the proposed settlement is fair.
