Retina Group of Washington agreed to resolve a class action lawsuit associated with a data breach in March 2023 that resulted in the unauthorized access of the protected health information (PHI) of 455,935 persons. Retina Group of Washington manages eye care clinics around Maryland and Virginia. As per the settlement terms, the healthcare provider will create a $3.6 million fund to pay for attorneys’ fees, claims, and legal expenses.
On December 22, 2023, the healthcare provider sent notification letters regarding a ransomware attack on March 26, 2023. The attackers stole data after encrypting files. The stolen data included names, addresses, email addresses, phone numbers, birth dates, demographic details, driver’s license numbers, Social Security numbers, medical record numbers, medical data, payment details, and medical insurance details.
The data breach prompted seven lawsuits to be filed against Retina Group of Washington. The lawsuits were combined into one, In re: Retina Group of Washington Data Security Incident Litigation, and filed in the United States District Court for the District of Maryland. The plaintiffs stated several claims, such as negligence for not implementing acceptable and proper safety measures to safeguard sensitive information against unauthorized access and for not adhering to standard cybersecurity guidelines. Retina Group of Washington responded that it did nothing wrong but consented to settle the lawsuit to stop continuing lawsuit costs and the uncertainties of a trial. The settlement terms allow class members to file claims for a refund of unreimbursed losses sustained because of the data breach.
Class members can claim compensation for losses and avail credit monitoring services, or could otherwise claim a cash payment. The expected cash payment is about $100 or paid pro rata. The cash payment could be more or less, depending on the number of legitimate claims submitted. Class members wanting to file a claim for compensation of losses may file a maximum of $300 for recorded unreimbursed regular losses, which include around 4 hours of lost time worth $25 per hour. Claims can also be filed for extraordinary losses, including losses because of identity theft and fraud, as much as $5,000 per class member. People who filed a valid claim for ordinary and/or extraordinary losses could likewise claim three-bureau credit monitoring services for 3 years.
The court has given preliminary approval of the settlement. The schedule of the final fairness hearing is June 9, 2025. The last day for filing an exclusion from or objection to the settlement is May 27, 2025. The last day for filing claims is June 23, 2025. The plaintiffs’ attorneys are Ben Barrow of Barnow and Associates PC, Tyler J. Bean of Siri & Glimstad LLP, and Gary M. Klinger of Millberg Coleman Bryson Phillips Grossman PLLC.