600,000 Prison Inmates to Share in $6.49M Breach Settlement
A misconfigured web server and the exposure of sensitive information for nearly 600,000 prison inmates in 2022 will cost medical claims processing company CorrectCare $6.49 million to settle a consolidated proposed class action lawsuit, according to court records.

The incident affected inmates who received medical care between January 2012 and July 2022 in correctional facilities in Louisiana, Georgia, South Carolina and California for which the firm, CorrectCare Integrated Health, provided claims processing services (see: Misconfigured Server Exposed PHI of 600,000 Inmates).

CorrectCare clients included the Louisiana Department of Public Safety and Corrections, Sacramento County Adult Correctional Health and Mediko Correctional Healthcare, a firm that provides medical and mental health services to inmates at correctional facilities. CorrectCare reported the breach to federal regulators in November 2022.

Experts say the case demonstrates that even prison inmates can succeed in class action privacy claims.

"This is a case with a different set of variables than we often see, a particularly vulnerable population that may not have realistic access to many of the typical means of protection in the event of a security breach," said privacy attorney Kirk Nahra of the law firm WilmerHale, which is not involved in the CorrectCare litigation.

"In general, it is critical to ensure that security protections are substantial for this population going forward," he said.

Under the settlement agreement that a federal Kentucky court finalized on Sept. 17, class members who submitted eligible claims can receive up to $10,000 each for unreimbursed out-of-pocket losses that are fairly traceable to the data breach.

That includes bank fees, certain phone charges, credit reports and other expenses, as well as actual fraud occurring from the time of the breach in 2022 until Aug. 27, 2024.

As an option, class members can also choose a yet-undetermined alternative cash payment based on a formula contained in the settlement agreement involving what is left of the settlement fund after other claims are paid.

Eligible class members from California also may receive an unspecified additional cash payment due to the California Consumer Privacy Act.

The five lead plaintiffs in the case will receive $2,500 service awards.

"Counsel notes that these plaintiffs exposed themselves to reputational harm by placing their names on the complaint. Not only will the public know that their data has been breached, but it will be revealed that they were incarcerated," court documents said.

Plaintiff attorneys are set to receive about $2.1 million, or about one-third of the settlement fund.

While the plaintiffs and class members may be novel, some experts noted that the settlement payments appear somewhat less than often seen in other recent health data breach class action settlements.

"Class members are inmates of correctional institutions. This class action settlement gives them lower benefits than data breach victims typically receive, probably because of issues related to their status," said regulatory attorney Paul Hales of Hales Law Group, who was not involved in the CorrectCare case.

In addition to the potential of five-figure cash payments, some other recent multimillion-dollar breach settlements involving third-party firms have offered credit and identity monitoring for several years to class members, as well as injunctive relief requiring the breached organization to improve its data security practices (see: Law Firm to Pay $8M to Settle Data Hack Lawsuit).

Neither provision is included in the CorrectCare settlement.

But the CorrectCare settlement is noteworthy because it sheds light on the American corrections industry, Hales said.

"CorrectCare is a third-party administrator for correctional facilities and a HIPAA business associate. How diligent are correctional institutions in selecting vendors to perform HIPAA-regulated services?" he said. "HIPAA security rule safeguards should detect an IT misconfiguration."

Neither attorneys representing the plaintiffs nor CorrectCare immediately responded to Information Security Media Group's requests for comment on the settlement.

The amended consolidated class action complaint filed in January 2023 against CorrectCare alleged several claims, including that the company was negligent in failing to protect the highly sensitive information of plaintiffs and class members.

CorrectCare failed to employ security standards commonly accepted among businesses and required by security standards of businesses that store protected health information and personally identifiable information and use the internet, the lawsuit alleged.

CorrectCare, in a breach notice posted in November 2022, said it became aware of the exposure of information stored on its web server to the public on July 6, 2022, and that the two directories may have been exposed as early as Jan. 2, 2022.

Among inmate data exposed were full names, date of birth, Social Security numbers, California Department of Corrections and Rehabilitation numbers, and certain health information such as a diagnosis code and current procedure terminology code.

CorrectCare blamed the incident on a misconfigured web server.

Upon discovery of the data exposure, CorrectCare took immediate steps to remediate the exposure by securing the server in less than nine hours, the company said.

Executive Editor, HealthcareInfoSecurity, ISMG

McGee is executive editor of Information Security Media Group's HealthcareInfoSecurity.com media site. She has about 30 years of IT journalism experience, with a focus on healthcare information technology issues for more than 15 years. Before joining ISMG in 2012, she was a reporter at InformationWeek magazine and news site and played a lead role in the launch of InformationWeek's healthcare IT media site.