The Methodist Hospitals Inc decided to resolve a class action lawsuit and allocated a $425,000 fund for claims filed by victims in relation to a data breach in 2019 that impacted about 70,000 patients.
The healthcare provider based in Gary, IN submitted an email security incident report to the HHS’ Office for Civil Rights on April 4, 2019. The protected health information (PHI) of 68,039 patients was potentially stolen because of the incident.
The investigation results showed that hackers obtained access to the email accounts of two employees from March 13, 2019 to July 8, 2019, after responding to phishing emails. Patient data including names, addresses, dates of birth, driver’s license numbers, Social Security numbers, Medicaid/Medicare numbers, usernames, passwords, treatment and diagnosis data, and payment card details were potentially exfiltrated.
After the data breach, the lawsuit Jones v. The Methodist Hospitals, Inc. has been filed in the Harris County District Court in Texas. Allegedly, The Methodist Hospitals failed to sufficiently secure the PHI of patients, which resulted in harm suffered by plaintiffs Samantha L. Gordon, and James Jones and members of the class.
The Methodist Hospitals did not admit to any wrongdoing. The investigation by OCR was closed without any action taken; nevertheless, the provider made the decision to resolve the lawsuit to prevent having to pay for higher legal expenses and the uncertainty of having a trial.
According to the terms of the settlement, class members who are eligible to file a claim may receive two years of additional credit monitoring and identity theft resolution services, a refund of economic losses, and a refund for time lost because of the data breach.
To claim for reimbursement, victims may submit documents of economic losses of up to $3,000 and/or submit claims for reimbursement of lost time amounting up to $300. The settlement is awaiting final approval scheduled for June 13, 2022. Claims can be filed starting October 6, 2022.