Settlement Proposed By San Juan Regional Medical Center For Class Action Data Breach Lawsuit

A settlement has been proposed by Famington, New Mexico-based San Juan Regional Medical Center (SJRMC) in hopes to resolve an ongoing class action lawsuit concerning a data breach in September 202 that involved the PHI of approximately 69,000 individuals. 

According to the lawsuit, threat actors had gained access to SJRMC’s network and obtained files containing the personally identifiable information of its patients. The information gathered included full names, Social Security numbers, driver’s license numbers, financial account numbers, passport information, health insurance information, treatment information, diagnoses, medical record numbers, and patient account numbers. The medical center identified that the breach was a result of malware. In response to the breach, SJRMC is offering a year of complementary credit monitoring to affected patients. 

On behalf of Jeremy Henderson, a patient at SJRMC, and other individuals who were similarly impacted by the breach, a lawsuit was filed in the name of Henderson, et al. v. San Juan Regional Medical Center. SJRMC was accused of negligence in the case for failing to effectively protect patient data. Even if a HIPAA breach did not result in legal action, the complaint claimed that the absence of adequate protections did. SJRMC decided to settle the case in order to avoid additional legal expenses and the uncertainty of a trial, but it has made no admissions of guilt and disclaimed any responsibility for the cyberattack and data breach. The settlement includes a subclass of persons who were informed by SJRMC that their Social Security, financial account, driver’s license, or passport numbers may have been impermissibly disclosed as well as everyone whose personally identifiable information or protected health information was compromised as a consequence of the cyberattack.

According to the settlement’s conditions, each person impacted by the breach will receive two years of free credit monitoring and identity theft protection services, and the subclass will also be able to file a claim for up to $2,500 in damages for losses sustained as a result of the breach. These losses include out-of-pocket expenses, reimbursement for fees for credit reports, credit monitoring, or other identity-theft insurance products acquired after October 13, 2022, reimbursement at the rate of $17.50 per hour for time lost due to the cyberattack if at least one hour was lost dealing with the consequences of the data breach, and reimbursement for verified monetary losses.

Tags

Stan Martin

Stan Martin

Stan Martin is a journalist writing about all aspects of the healthcare sector. Stan's reporting spans a wide array of topics within healthcare, from medical advancements and health policy to patient care and the economic aspects of the healthcare industry. Stan has contributed hundreds of news articles to Healthcare IT Journal, demonstrating a commitment to delivering factual, comprehensive news.

Get The FREE HIPAA Checklist

Discover everything you need to become HIPAA compliant
Scroll to Top

Get the free newsletter

Discover everything you need to become HIPAA compliant
Please enable JavaScript in your browser to complete this form.
Name

Get The FREE HIPAA Checklist

Discover everything you need to become HIPAA compliant
Please enable JavaScript in your browser to complete this form.
Name