The HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Settlement Reached in Preferred Home Care Data Breach Lawsuit

Posted By on Mar 3, 2023

AssistCare Home Health Services has agreed to settle a class action lawsuit, filed on behalf of individuals affected by a cyberattack and data breach in January 2021. In March 2021, AssistCare Home Health Services, which does business as Preferred Home Care of New York, notified more than 92,000 patients that their protected health information had been exposed in a cyberattack. Unauthorized individuals gained access to its network between January 8 and January 10, 2021, and exfiltrated files containing patient data.  The attack was conducted by the Sodinokibi ransomware group, which published some of the stolen data on its data leak site. The compromised data included names, personal information, health information, and Social Security numbers.

A class action lawsuit – Simmons v. AssistCare Home Health Services LLC, was filed in the New York Superior Court for Kings County covering the 92,283 individuals that were notified about the data breach. The lawsuit alleged negligence for failing to implement reasonable cybersecurity measures to protect against a known risk of ransomware attacks on the sector, and that as a result of that negligence, victims were placed at an imminent and elevated risk of identity theft and fraud.

AssistCare Home Health Services chose to settle the lawsuit with no admission of wrongdoing and has agreed to accept claims from class members up to a maximum of $3,900 per claimant. The total value of the settlement was not disclosed. Claims will be accepted up to $400 for compensation for ordinary losses such as bank fees, communication charges, and credit-related costs, and up to 4 hours of lost time at $20 per hour. Claims will also be accepted up to a maximum of $3,500 per claimant to cover documented, extraordinary losses that have not already been reimbursed, such as losses to fraud and identity theft. Regardless of if a claim is submitted, class members are eligible to receive one year of three-bureau credit monitoring services.

Class members have until April 24, 2023, to object to or exclude themselves from the settlement and submit claims for reimbursement of losses. The fairness hearing has been scheduled for June 27, 2023.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist