A California federal court recently approved a preliminary settlement to resolve a consolidated class action lawsuit against Solara Medical Supplies.
Solara Medical Supplies, based in Chula Vista, California, is a direct-to-consumer company that sells medical devices and disposable medical merchandise and is also a registered pharmacy. Solara Medical discovered suspicious activity in an employee's email account on June 28, 2019. The subsequent investigation confirmed that unauthorized people had gained access to several Office 365 email accounts from April 2, 2019 to June 20, 2019, after staff members responded to phishing emails.
According to the forensic investigation, the sensitive data of 114,007 customers was compromised and possibly stolen, including names, birth dates, driver’s license numbers, Social Security numbers, medical insurance data, and financial details. Impacted patients received one year of free credit monitoring and identity theft protection services.
Four class-action lawsuits were filed on behalf of the impacted customers, and those cases were consolidated into one lawsuit. Solara Medical offered the settlement to resolve the lawsuit and avoid ongoing legal expenses, but did not admit any wrongdoing. The settlement terminates the lawsuit with prejudice and doesn’t signify any admission of wrongdoing, fault or liability.
Under the terms of the settlement, Solara Medical has agreed to pay $5,060,000 to resolve the plaintiffs’ and class members’ claims and will take the steps necessary to enhance data security and prevent further security breaches. The six plaintiffs who filed the lawsuits will get $4,000 each as compensation, and all class members who submit timely claims will get $100, in addition to a pro-rata payment of approximately $1,000 if funds remain after the $100 cash payments have been made. The settlement amount includes $2.3 million in attorneys’ fees. Any funds left over will be donated to the Juvenile Diabetes Research Foundation.
Over the following two years, Solara Medical will undergo a recurring SOC 2 Type 2 review until it passes, have a third party conduct a HIPAA IT evaluation, carry out at least one cybersecurity incident response test per year, and undergo third-party phishing and external-facing vulnerability tests at least twice a year. Solara Medical will additionally deploy a security information and event management (SIEM) tool with a 400-day lookback on activity records. Enhanced versions of these remedial actions, or similar actions, will be implemented based on new industry criteria for the following 3 years.