The Ohio law firm, Bricker & Eckler LLP, has agreed to settle a class action data breach lawsuit filed on behalf of individuals affected by a 2021 ransomware attack on the firm. Bricker & Eckler is a full-service law firm that serves many healthcare clients. The breach investigation confirmed that sensitive patient data was copied from its systems, including names, addresses, medical information, education-related information, driver’s license numbers, and Social Security numbers. The attackers had access to its systems from January 14 to January 31, 2021. Bricker & Eckler did not confirm if the ransom was paid but said the stolen data has been retrieved. The breach was reported to the HHS’ Office for Civil Rights in April 2021 as affecting 420,532 individuals and the law firm offered a 12-month complimentary membership to an identity theft protection and credit monitoring service.
A lawsuit was promptly filed on behalf of individuals affected by the attack that alleged the law firm was negligent as it had failed to implement reasonable safeguards to ensure the confidentiality of sensitive data and had not followed recognized security practices. The law firm did not admit any wrongdoing and does not accept liability for the data breach but chose to settle the lawsuit and has proposed a $1.95 million settlement.
Under the terms of the settlement, class members are entitled to submit a claim for reimbursement of losses that directly resulted from the data breach up to a maximum of $5,000. Claims can be submitted for fraudulent charges to accounts, the cost of arranging credit monitoring services, other reasonable expenses, up to 4 hours of undocumented lost time at $20 per hour, plus up to 8 hours of documented lost time at $20 per hour.
Individuals who wish to object to the settlement or remove themselves from the class must do so by November 7, 2022. Class members must submit claims no later than December 21, 2022. The final approval hearing for the settlement is scheduled for November 17, 2022.
The post Bricker & Eckler Agrees to Settle Class Action Data Breach Lawsuit for $1.95M appeared first on HIPAA Journal.