University of Pittsburgh Medical Center Paid $450,000 to Resolve Data Breach Lawsuit

University of Pittsburgh Medical Center has decided to negotiate a class action data breach lawsuit. It will reserve $450,000 to take care of claims from men and women who have sustained losses because of the theft and wrong use of their protected health information (PHI).

The data breach impacted roughly 36,000 individuals and an unauthorized third party viewed and stole their protected health information between April 2020 and June 2020. The breach took place at Charles J. Hilton PC, (CJH), UPMC’s legal counsel that offered billing-related services. The exposed records were located in the provider’s email system and comprised names, dates of birth, Social Security numbers, financial details, ID numbers, signatures, insurance data, and medical records. The data breach was identified in June 2020; nonetheless, notification letters were dispatched to affected persons only in December 2020.

Though lots of speculative legal cases are filed versus medical companies and their business associates regarding the compromise of patient information, in this instance, the plaintiff was conned immediately after the breach, which was as a result of his data being stolen during the data breach that occurred at CJH. The hacker created an Amazon credit card account under his name. The plaintiff reported he had to expend a substantial amount of time handling the misuse of his personal information and PHI. The legal case claimed UPMC and CJH did not do their duty to secure patient records and hadn’t enforced fair and suitable safety measures to protect their private details.

UPMC and CJH did not admit any wrongdoing or liability yet decided to resolve the case. Under the stipulations of the negotiation, class members could submit a claim for a $250 cash as payment for recorded out-of-pocket costs associated with the security breach and could file claims for around $2,500 to retrieve fake charges and expenses linked to identity theft, in addition to $30 for the undocumented time used for handling the breach. 12 months of free credit monitoring, identity theft, and dark web monitoring services will likewise be given to class members. Claims need to be sent in on or before September 3, 2022.

In 2021, UPMC resolved a long-running lawsuit by paying $2.65 million. The lawsuit was submitted on behalf of 27,000 staff members impacted by a data breach in February 2014.