The medical device manufacturer Electromed has proposed a $850,000 settlement to resolve claims related to a June 2021 ransomware attack and data breach involving the protected health information of 47,200 individuals. The attack was detected and blocked by Electromed on June 16, 2021, and the forensic investigation confirmed that files were accessed – and potentially stolen – that included customers’ first and last names, mailing addresses, medical information, and health insurance information. Associates affected by the breach had their Social Security numbers, driver’s license numbers, and financial account information exposed. Affected individuals were notified about the ransomware attack in August and were offered complimentary credit monitoring and identity theft protection services.
A lawsuit – Lutz, et al. v. Electromed Inc., – was filed against Electromed that alleged a failure to implement reasonable and appropriate cybersecurity measures to protect customers’ data, despite being aware of the risk of ransomware attacks. Electromed has not admitted any wrongdoing and chose to settle the lawsuit to avoid further legal costs and the uncertainty of trial. The settlement will see a $850,000 fund established to cover claims for reimbursement of losses traceable to the data breach. Class members can submit claims for up to $250 for the reimbursement of ordinary expenses, which include bank fees, communication charges, and up to 4 hours of lost time at $25 per hour. Claims may be submitted for reimbursement of documented, unreimbursed extraordinary losses due to identity theft and fraud, up to a maximum of $5,000.
In addition to any claims, class members are entitled to receive a cash payment of $30, and residents of California at the time of the data breach are entitled to claim a cash payment of $100. Claims and cash payments will be paid pro rata if the settlement total is reached. The deadline for objection to and exclusion from the settlement is March 2, 2023. Claims must be submitted by April 1, 2023, and the final approval hearing for the settlement has been scheduled for June 5, 2023.
The post Electromed Proposes $825,000 Class Action Data Breach Settlement appeared first on HIPAA Journal.