San Antonio’s CaptureRx agrees to pay $4.75 million to settle lawsuits over data breach
San Antonio’s CaptureRx agrees to pay $4.75 million to settle lawsuits over data breach
Photo of Patrick Danner
Patrick Danner
,
Staff writer
Feb. 11, 2022
Updated: Feb. 11, 2022 5:34 p.m.
Comments
CaptureRx Christopher Hotchkiss said the health care technology company would have to file for bankruptcy if it litigation over a 2021 data breach was not settleed. The company has agreed to pay $4.75 million to settle the litigation.
CaptureRx Christopher Hotchkiss said the health care technology company would have to file for bankruptcy if it litigation over a 2021 data breach was not settleed. The company has agreed to pay $4.75 million to settle the litigation.
File photo
San Antonio health care technology company CaptureRx has agreed to pay $4.75 million to settle proposed class-action litigation over a data breach that affected more than 2 million people.
Christopher Hotchkiss, CEO of CaptureRx parent company NEC Networks, said in a Friday court filing that it would “strongly consider filing for bankruptcy” if the settlement isn’t finalized. The settlement requires a San Antonio federal judge’s approval.
“CaptureRx is not a large national or multinational company and has limited resources,” he said in the court papers. “CaptureRx faces demands for indemnity from numerous customers…that have and continue to put severe financial strain on the company.”
The customers include pharmacy chain Rite Aid and Walmart, also named as defendants in the litigation.
On ExpressNews.com: Data breach at San Antonio health care technology company CaptureRx sparks class-action lawsuits.
CaptureRx acts as an administrator for hospitals, clinics and health centers participating in the 340B program, a government initiative requiring pharmaceutical companies to sell drugs at a discount to health care providers caring for under-served populations.
Pharmacies like Rite Aid have contracted with CaptureRx to process pharmacy claims.
In May, CaptureRx disclosed it had learned of “unusual activity” in some of its electronic files in February 2021.
The company determined the files were accessed without authorization. The files contained the names, dates of birth and prescription information for certain patients of health care providers that CaptureRx serves.
CaptureRx issued a statement on the data breach, though it didn’t disclose how many people were affected. It provided the notice on behalf of about 170 health care providers.
The company has denied all allegations of wrongdoing.
The proposed class totals more than 2.4 million people. The court filing said plaintiffs in at least seven of the 10 cases arising from the incident support the settlement.
The attorneys in the case seek a third of the settlement, or almost $1.6 million.
The payout for the class would amount to about $1.30 each if all of the roughly 2.4 million people submit a claim. Three class members who acted as lead plaintiffs stand to receive $2,000 each. Class members have the right to object to the proposed settlement.
But plaintiffs lawyers called the the deal “fair.”
“By settling now, the settlement class can take advantage of remedies that would be unavailable or worth substantially less by the time of a litigated final judgment,” the court filing stated. It seeks preliminary approval for the settlement and certification of the class. A final approval hearing likely would follow about 100 days afterward.
SA Inc.: Get the best of business news sent directly to your inbox
CaptureRx’s insurer is contributing less than half of the settlement amount, Hotchkiss said. Company owners will pay the remaining amount out of their own pockets.
A lead plaintiff in one of the actions is Daisy Trujillo of Merced County, Calif., a longtime Rite Aid customer who received notice of the breach. Afterwards, she said in the complaint, her cellphone was “inundated with spam” calls and her email was “flooded with spam emails.”
Personal information obtained in the breach can be sold on the “dark web,” the suit added. “Drug manufacturers, medical device manufacturers, pharmacies, hospitals and other health care providers often purchase” personal identifiable information and personal health information “on the black market for the purpose of target marketing their products and services to the physical maladies of the data breach victims themselves.
“Insurance companies purchase and use wrongfully disclosed” personal health information “to adjust insureds’ medical insurance premiums,” it said.
Sensitive health care data can sell for as much as $363 for each record, the suit added, citing the Infosec Institute.
Trujillo accused CaptureRx and Rite Aid of failing to comply with the Health Insurance Portability and Accountability Act, which was enacted in 1996 to protect sensitive patient health information.
Photo of Patrick Danner
Patrick Danner
,
Staff writer
Feb. 11, 2022
Updated: Feb. 11, 2022 5:34 p.m.
Comments
CaptureRx Christopher Hotchkiss said the health care technology company would have to file for bankruptcy if it litigation over a 2021 data breach was not settleed. The company has agreed to pay $4.75 million to settle the litigation.
CaptureRx Christopher Hotchkiss said the health care technology company would have to file for bankruptcy if it litigation over a 2021 data breach was not settleed. The company has agreed to pay $4.75 million to settle the litigation.
File photo
San Antonio health care technology company CaptureRx has agreed to pay $4.75 million to settle proposed class-action litigation over a data breach that affected more than 2 million people.
Christopher Hotchkiss, CEO of CaptureRx parent company NEC Networks, said in a Friday court filing that it would “strongly consider filing for bankruptcy” if the settlement isn’t finalized. The settlement requires a San Antonio federal judge’s approval.
“CaptureRx is not a large national or multinational company and has limited resources,” he said in the court papers. “CaptureRx faces demands for indemnity from numerous customers…that have and continue to put severe financial strain on the company.”
The customers include pharmacy chain Rite Aid and Walmart, also named as defendants in the litigation.
On ExpressNews.com: Data breach at San Antonio health care technology company CaptureRx sparks class-action lawsuits.
CaptureRx acts as an administrator for hospitals, clinics and health centers participating in the 340B program, a government initiative requiring pharmaceutical companies to sell drugs at a discount to health care providers caring for under-served populations.
Pharmacies like Rite Aid have contracted with CaptureRx to process pharmacy claims.
In May, CaptureRx disclosed it had learned of “unusual activity” in some of its electronic files in February 2021.
The company determined the files were accessed without authorization. The files contained the names, dates of birth and prescription information for certain patients of health care providers that CaptureRx serves.
CaptureRx issued a statement on the data breach, though it didn’t disclose how many people were affected. It provided the notice on behalf of about 170 health care providers.
The company has denied all allegations of wrongdoing.
The proposed class totals more than 2.4 million people. The court filing said plaintiffs in at least seven of the 10 cases arising from the incident support the settlement.
The attorneys in the case seek a third of the settlement, or almost $1.6 million.
The payout for the class would amount to about $1.30 each if all of the roughly 2.4 million people submit a claim. Three class members who acted as lead plaintiffs stand to receive $2,000 each. Class members have the right to object to the proposed settlement.
But plaintiffs lawyers called the the deal “fair.”
“By settling now, the settlement class can take advantage of remedies that would be unavailable or worth substantially less by the time of a litigated final judgment,” the court filing stated. It seeks preliminary approval for the settlement and certification of the class. A final approval hearing likely would follow about 100 days afterward.
SA Inc.: Get the best of business news sent directly to your inbox
CaptureRx’s insurer is contributing less than half of the settlement amount, Hotchkiss said. Company owners will pay the remaining amount out of their own pockets.
A lead plaintiff in one of the actions is Daisy Trujillo of Merced County, Calif., a longtime Rite Aid customer who received notice of the breach. Afterwards, she said in the complaint, her cellphone was “inundated with spam” calls and her email was “flooded with spam emails.”
Personal information obtained in the breach can be sold on the “dark web,” the suit added. “Drug manufacturers, medical device manufacturers, pharmacies, hospitals and other health care providers often purchase” personal identifiable information and personal health information “on the black market for the purpose of target marketing their products and services to the physical maladies of the data breach victims themselves.
“Insurance companies purchase and use wrongfully disclosed” personal health information “to adjust insureds’ medical insurance premiums,” it said.
Sensitive health care data can sell for as much as $363 for each record, the suit added, citing the Infosec Institute.
Trujillo accused CaptureRx and Rite Aid of failing to comply with the Health Insurance Portability and Accountability Act, which was enacted in 1996 to protect sensitive patient health information.
