Resolved Good Samaritan Hospital Class Action Lawsuit and Intellihartx Facing Class Action Lawsuit

Good Samaritan Hospital Resolves Class Action Data Breach Lawsuit

Good Samaritan Hospital located in San Jose, CA, has decided to resolve a class action lawsuit that was submitted because of a data breach that compromised the protected health information (PHI) of around 233,835 people. Based on the hospital, unauthorized persons acquired access to the email account of an employee from October 28 to November 8, 2019, which included sensitive patient information like names, dates of birth, driver’s license numbers, Social Security numbers, passport numbers, tax ID numbers, treatment/diagnosis data, medical insurance data, billing details, physicians’ names, medical record numbers, medical backgrounds, prescription data, patient account numbers, Medicare/Medicaid IDs, and financial account numbers.

The Young, et al. v. Good Samaritan Hospital­ lawsuit­ was submitted to the California Superior Court for Los Angeles County on behalf of the people affected by the data breach. As per the lawsuit, the hospital had acted unlawfully when it was unable to stop the data breach and claimed negligence, California Confidentiality of Medical Information Act (CMIA) violations, and unlawful/unfair enterprise practices, violating the California Business and Professions Code.

Good Samaritan Hospital rejected all of the accusations saying that there was no wrong done. It claims that it completely complied with all government and state regulations; nevertheless, it made a decision to resolve the lawsuit to steer clear of more legal expenses and the uncertainty of trial. All parties agreed to the proposed settlement but there’s no final approval yet from a judge. The schedule of the final approval hearing is on Sept. 5, 2023.

There is no mention of the total settlement fund yet; nonetheless, all class members can claim as much as $1,500 as repayment for ordinary costs, which are recorded expenses that were sustained because of the data breach. Ordinary costs consist of credit monitoring expenses, telephone calls, interest on loans, communication costs, card re-issuance charges, and unreimbursed bank charges. People that have experienced identity theft, tax fraud, medical fraud, other types of fraud, and other actual inappropriate uses of their personal data, can file claims for recorded, unreimbursed extraordinary expenses that are fairly traceable to the data breach of as much as $5,000. Based on the conditions of the settlement, Good Samaritan Hospital has likewise decided to spend over $459,900 on improvements to strengthen information security.

July 18, 2023 is the last day to file for objection to or exclusion from the settlement and to file all claims. Gayle M Blatt of Casey Gerry Schenk Francavilla Blatt & Penfield LLP and Joshua B Swigart of Swigart Law Group AFC represented the class members.

Class Action Lawsuit Filed Against Intellihartx Over 490K-Record Data Breach

Intellihartx, LLC, (aka ITx Companies) is facing a lawsuit has over a cyberattack conducted by the Clop ransomware group by exploiting a vulnerability present in Fortra’s GoAnywhere Managed File Transfer (MFT) solution. The attack in late January resulted in the compromise of the PHI of 490,000 patients of its healthcare customers. 130 GoAnywhere users were affected and Intellihartx was one of them.

Intellihartx, a revenue cycle management firm, stated that PHI such as names, contact data, insurance details, diagnoses, prescription drugs, birth dates, and Social Security numbers were exposed in the January 30, 2023 cyberattack. Impacted persons were informed concerning the data breach on June 9, 2023, over 4 months after discovering the attack.

The Laren Perrone v. Intellihartx, LLC lawsuit was submitted to the U.S. District Court of the Northern District of Ohio Western Division. Allegedly, the defendant was unable to appropriately secure and protect the PHI of the plaintiff and class members, didn’t sufficiently monitor its business associates, vendors, and providers, and failed to identify the data breach promptly.

The lawsuit states the defendant knew about the vulnerability on January 29, 2023, thus the data breach could have been prevented. The severity of the breach could likewise be avoided or restricted if it had restricted the patient data it disclosed to its business associates and used reasonable administrative measures to make sure that sufficient data security strategies and procedures were being enforced and preserved by its business associates.

The lawsuit alleges the plaintiff and class members experience an impending, instantaneous, and continuous elevated risk of enduring ascertainable losses from the data breach, which includes identity theft and other fraudulent misuses of their information, and have and will keep incurring out-of-pocket costs mitigating the impact of the data breach. The lawsuit doesn’t claim that PHI has already been improperly used or that identity theft or other fraud has happened.

The lawsuit asserts the defendant was unable to abide by the requirements of the Health Insurance Portability and Accountability Act (HIPAA) and FTC guidelines, stating security problems like insufficient data security programs, procedures, and standards to guard against reasonably expected risks or hazards and an inability to mitigate the threats of a data breach.

The plaintiffs and class members seek monetary relief for injuries as well as injunctive relief to make sure the alleged data security problems are fixed to avoid more data breaches later on. Besides monetary relief, the lawsuit wants a court order demanding that the defendant completely and correctly disclose the nature of the data that was exposed and to implement adequate security procedures and safety measures to avoid the same occurrences later on.

Mason Barney ad Tyler Bean of SIRI & GLIMSTAD LLP and Christopher Wiest, Atty at Law PLLC represented the plaintiff and class members.

About Christine Garcia 1191 Articles
Christine Garcia is the staff writer on Calculated HIPAA. Christine has several years experience in writing about healthcare sector issues with a focus on the compliance and cybersecurity issues. Christine has developed in-depth knowledge of HIPAA regulations. You can contact Christine at [email protected]. You can follow Christine on Twitter at https://twitter.com/ChrisCalHIPAA