UCLA Health Settles Data Breach Class-Action Lawsuit for $7.5 Million
UCLA Health has reached a class-action lawsuit settlement with 4.5 million current and former patients who were affected by its May 2015 health data breach. According to a news report, the settlement will provide $2 million for unreimbursed loss and preventive measures claims. The remaining $5.5 million will provide a cyber security enhancement fund, which was agreed to by UCLA. The plaintiffs in this case are essentially patients whose personal information was exposed in a hack on the health system’s network.
Officials detected suspicious activity on the network in October 2014. However, at that time, it did not appear as if the hackers had gained access to systems containing personal and medical data. In May 2015, officials said the cyber attack was confirmed to have impacted those systems with patient information, including names, dates of birth, Social Security numbers, Medicaid or health plan identification numbers and some medical data.
Negligence on the Part of the Health System
Those who were impacted by the data breach filed a class-action lawsuit in July 2015. The plaintiffs in this case argued that UCLA health was negligent in its security efforts to protect patient data, putting consumers at risk of identity theft. They also alleged that the health system did not report the data breach in a timely manner.
Under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), health providers are required to notify patients within 60 days upon the breach discovery. Further, they argued the health system should have foreseen the potential for a cyber attack given how common these types of data breaches have become among other health sector companies.
As a result of this settlement, UCLA Health agreed to a number of resolutions. First, all class members can sign up for complimentary identity protection services, which will provide coverage for two years. In addition, they agreed to reimburse patients for any money spent to protect themselves against identity theft or for losses suffered from fraud or identity theft. Patients can get up to $5,000 for preventive costs and up to $20,000 in damages or losses. Most importantly UCLA agreed to update its cyber security policies. If you have been affected and wish to claim, you must do so by May 20, 2019.
How Can You Protect Yourself?
Whether or not you have been a victim of a data breach, you should always do everything you can to keep your sensitive information secure. Here are a few tips:
- Create complex passwords. Use different passwords for each account and change them right away if a company you’ve recently done business with, gets hacked.
- Shop with a credit card. You may have less liability for fraudulent credit card charged. But you may not have the same kind of protection with a debit card.
- Look out for fraud. If you get a notice about a data breach, call the company to ensure it is legitimate.
- Set up account alerts, which provide you with notifications of suspicious purchases or account activity.
If you have been the victim of a data breach because of a corporation’s negligence, contact an experienced California class action lawyer to obtain more information about pursuing your legal rights.