The HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Electromed Proposes $825,000 Class Action Data Breach Settlement

Posted By on Feb 15, 2023

The medical device manufacturer Electromed has proposed an $850,000 settlement to resolve claims related to a June 2021 ransomware attack and data breach involving the protected health information of 47,200 individuals. The attack was detected and blocked by Electromed on June 16, 2021, and the forensic investigation confirmed that files were accessed – and potentially stolen – that included customers’ first and last names, mailing addresses, medical information, and health insurance information. Associates affected by the breach had their Social Security numbers, driver’s license numbers, and financial account information exposed. Affected individuals were notified about the ransomware attack in August and were offered complimentary credit monitoring and identity theft protection services.

A lawsuit – Lutz, et al. v. Electromed Inc., – was filed against Electromed that alleged a failure to implement reasonable and appropriate cybersecurity measures to protect customers’ data, despite being aware of the risk of ransomware attacks. Electromed has not admitted any wrongdoing and chose to settle the lawsuit to avoid further legal costs and the uncertainty of trial. The settlement will see a $850,000 fund established to cover claims for reimbursement of losses traceable to the data breach. Class members can submit claims for up to $250 for the reimbursement of ordinary expenses, which include bank fees, communication charges, and up to 4 hours of lost time at $25 per hour. Claims may be submitted for reimbursement of documented, unreimbursed extraordinary losses due to identity theft and fraud, up to a maximum of $5,000.

In addition to any claims, class members are entitled to receive a cash payment of $30, and residents of California at the time of the data breach are entitled to claim a cash payment of $100. Claims and cash payments will be paid pro rata if the settlement total is reached. The deadline for objection to and exclusion from the settlement is March 2, 2023. Claims must be submitted by April 1, 2023, and the final approval hearing for the settlement has been scheduled for June 5, 2023.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist