BJC Healthcare data breach class action settlement - Top Class Actions

BJC Healthcare data breach class action settlement
FOLLOW ARTICLE
000
By Top Class Actions
July 18, 2022
Barnes-Jewish Hospital sign on the top of the building in Saint Louis, MO, USA. Barnes-Jewish Hospital is a nonprofit teaching hospital, the largest in Missouri. BJC Healthcare data breach
(Photo Credit: JHVEPhoto/Shutterstock)
BJC Healthcare agreed to a class action lawsuit settlement to resolve claims its poor cybersecurity led to a 2020 phishing data breach.

The settlement benefits individuals who received a notice from BJC Healthcare that their information may have been compromised in a data breach on March 6, 2020.

BJC Healthcare is a St. Louis-based hospital system that provides services to the greater St. Louis area, southern Illinois and southeast Missouri. According to the company’s website, the nonprofit health care organization boasts over 30,000 employees and over $6 billion in net revenue.

In May 2020, BJC Healthcare announced it was the target of a phishing cyberattack. In the attack, three employee email accounts were allegedly accessed by a third party after the employees interacted with phishing emails — emails designed to look legitimate while giving hackers access to sensitive systems.

The March 6, 2020, data breach may have compromised sensitive patient data including names, medical records, birth dates, health insurance information, Social Security numbers and driver’s license data.



Affected consumers took legal action against BJC Healthcare, arguing the company could have prevented the data breach through reasonable cybersecurity measures. According to plaintiffs in the data breach class action lawsuit, BJC Healthcare’s negligence directly led to the cyberattack.

“BJC Healthcare owed a duty to Plaintiffs and Class members to implement and maintain reasonable and adequate security measures to secure, protect, and safeguard their [personal health information/personal identifying information (PHI/PII)] against unauthorized access and disclosure,” the data breach class action lawsuit contends.

“BJC Healthcare breached that duty by, among other things, failing to implement and maintain reasonable security procedures and practices to protect its patients’ PHI/PII from unauthorized access and disclosure.”

BJC Healthcare hasn’t admitted any wrongdoing but agreed to settle the case against it in a class action lawsuit settlement. The settlement total is not included in the settlement agreement.

Under the terms of the settlement, class members can be reimbursed for ordinary and extraordinary expenses resulting from the settlement.



Ordinary expense reimbursement is capped at $250 per person and includes bank fees, interest, credit monitoring costs, postage, mileage and up to three hours of lost time at a rate of $20 per hour. Larger payments of $5,000 are available for extraordinary expense reimbursement, which includes documented, unreimbursed monetary losses and up to three hours of additional lost time at a rate of $20 per hour.

The settlement also provides credit monitoring to class members. Under the terms of the deal, participating class members can receive two years of credit monitoring and identity theft insurance through IDX.

In addition to providing payments and credit monitoring, BJC agreed to make changes to its cybersecurity policies to better protect consumer data. New policies, mandatory training and an improved password policy are all included under the new cyber security approach. Additionally, BJC will spend an estimated $2.7 million to implement multifactor authentication for email access — reducing the risks of phishing.

The deadline for exclusion and objection is Aug. 16, 2022.

The final approval hearing for the settlement is scheduled for Sept. 6, 2022.



In order to receive a payment from the BJC data breach class action settlement, class members must submit a valid claim form by Dec. 14, 2022.

Who’s Eligible
The settlement benefits individuals who received a notice from BJC Healthcare that their information may have been compromised in a data breach on March 6, 2020.

Potential Award
Up to $5,000

Proof of Purchase
A Login and Password from the Notice you received will be needed to login. If you do not have the Login and Password, contact the Settlement Administrator at (866) 742-4955 or. [email protected] in order to request that it be resent. Other documentation will be required to receive maximum payout.

Claim Form
CLICK HERE TO FILE A CLAIM »
NOTE: If you do not qualify for this settlement do NOT file a claim.

Remember: you are submitting your claim under penalty of perjury. You are also harming other eligible Class Members by submitting a fraudulent claim. If you’re unsure if you qualify, please read the FAQ section of the Settlement Administrator’s website to ensure you meet all standards (Top Class Actions is not a Settlement Administrator). If you don’t qualify for this settlement, check out our database of other open class action settlements you may be eligible for.

Claim Form Deadline
12/14/2022

Case Name
In Re BJC Healthcare Data Breach Litigation, Case No. 2022-CC09492, in the Circuit Court of the City of St. Louis State of Missouri

Final Hearing
09/06/2022

Settlement Website
BJCDataIncindent.com

Claims Administrator
RG/2 Claims Administration LLC
c/o RG/2 Claims Administration
P.O. Box 59479
Philadelphia, PA 19102-9479
[email protected]
866-742-4955

Class Counsel
Ben Barnow
BARNOW AND ASSOCIATES PC

J Gerard Stranch IV
BRANSTETTER STRANCH & JENNINGS PLLC

John F Garvey
CAREY DANIS AND LOWE

Kenneth J Brennan
Tyler Schneider
TORHOERMAN LAW LLC

Aaron Zigler Esq
ZIGLER LAW GROUP

Defense Counsel
Paul G Karlsgodt
BAKER & HOSTETLER LLP

Matthew D Knepper
HUSCH BLACKWEL