The HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

San Andreas Regional Center Agrees to Settle 2021 Ransomware Attack Lawsuit

Posted By on Jan 31, 2023

San Andreas Regional Center has agreed to settle a class action lawsuit that was filed in response to a July 2021 ransomware attack in which hackers gained access to the personal information of more than 57,000 patients

The San Jose, CA-based healthcare provider supports individuals with developmental disabilities through its facilities in the Santa Clara, Santa Cruz, San Benito, and Monterey counties. The ransomware attack occurred on or around July 5, 2021, and prior to encrypting files, the threat actor potentially accessed and exfiltrated sensitive patient data such as names, addresses, dates of birth, telephone numbers, Social Security numbers, email addresses, health plan beneficiary numbers, health insurance information, full-face photos, and medical information. Affected individuals were notified about the cyberattack in August 2021 and were offered complimentary credit monitoring and identity theft protection services.

A lawsuit – Lopez, et al. v. San Andreas Regional Center – was filed in the Superior Court of California in response to the breach alleging the healthcare provider was negligent for failing to implement reasonable cybersecurity measures to protect against ransomware attacks, despite being aware of the high risk of attacks on the healthcare sector. The lawsuit alleged the plaintiff and class members now face a high risk of identity theft and fraud as a result of the data breach and have incurred out-of-pocket expenses and lost time securing their accounts and protecting against the misuse of their personal and protected health information.

San Andreas Regional Center denies all claims related to the data breach but decided to settle the lawsuit to avoid further legal costs and the uncertainty of trial. Under the terms of the proposed settlement, class members are entitled to submit claims of up to $500 for documented ordinary expenses that are reasonably traceable to the data breach, such as bank fees, credit costs, and communication charges, and up to 3 hours of lost time at $20 per hour. Claims of up to $2,500 will be accepted for documented extraordinary losses due to identity theft and fraud.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

Individuals wishing to object to or exclude themselves from the proposed settlement have until March 13, 2023, to do so. Claims must be submitted by August 2, 2023. The final approval hearing is scheduled for August 2, 2023. The class is represented by attorneys Michael Anderson Berry of Clayeo C Arnold PC and David k Lietz of Milberg Coleman, Bryson, Phillips Grossman PLLC.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist