United Health Centers of the San Joaquin Valley Offers to Settle Data Breach Lawsuit

United Health Centers of the San Joaquin Valley (UNC) has offered a settlement deal to take care of a class action lawsuit filed for the sake of patients impacted by its Vice Society ransomware attack in August 2021.

The attack involved ransomware actors that acquired access to its system and extracted files with patient data including names, dates of birth Social Security numbers, medical record numbers, and treatment data. The attacker copied the information from its systems from August 24, 2021 to August 28, 2021. Notification letters in relation to the attack and data breach had been sent four months following the attack in December 2021. Impacted persons were provided free memberships to a credit monitoring and identity theft protection service for 12 months.

Attorney Matthew R. Wilson filed the lawsuit Avetisyan v. United Health Centers of the San Joaquin Valley in the Fresno County Superior Court on behalf of Narek Avetisyan, a UNC patient, and other persons likewise impacted by the data breach. The lawsuit claimed negligence, breach of privacy, and violations of the Consumer Records Act and the California Confidentiality of Medical Information Act.

UNC stated it has put in place and retains “meritorious defenses” to stop attacks of this type and admits no mistake for the data breach or liability, and although UNC mentioned it was pleased to strongly defend the legal action, it decided to try to resolve the lawsuit to steer clear of continuing legal expenses and the uncertainty of the trial.

Based on the conditions of the proposed settlement, impacted persons will be eligible to have three years of credit monitoring and identity theft protection services, even though they opt to not include themselves in the settlement. Persons who agree to the settlement are going to be eligible to file a claim for as much as $500 for non-economic costs as a result of the data breach and could get up to $2,500 as compensation for recorded losses that could be sensibly related to the cyberattack.

People who want to disagree to or leave out themselves from the settlement should do so on or before November 19, 2022, which is likewise the last date for filing claims for compensation. A fairness hearing is set on February 8, 2023.

About Christine Garcia 1192 Articles
Christine Garcia is the staff writer on Calculated HIPAA. Christine has several years experience in writing about healthcare sector issues with a focus on the compliance and cybersecurity issues. Christine has developed in-depth knowledge of HIPAA regulations. You can contact Christine at [email protected]. You can follow Christine on Twitter at https://twitter.com/ChrisCalHIPAA