$295,000 Settlement Offer by Conway Regional Medical Center to Resolve Data Breach Lawsuit

Non-profit healthcare system Conway Regional Medical Center located in north central Arkansas has offered to pay $295,000 to settle a class action lawsuit that was submitted for people impacted by a 2019 data breach.

The data breach in June 2019 involved unauthorized persons who accessed email accounts that contain the protected health information (PHI) of patients because the employees responded to phishing emails. The analysis of the email accounts showed they included patient names, addresses, medical data, Social Security numbers, and medical insurance details. The breach affected roughly 37,000 patients who had their data compromised.

After the breach, Faulkner County Circuit Court has the lawsuit Danielle Marshall vs Conway Regional Medical Center Inc filed. Allegedly, Conway Regional was at fault for not implementing proper safety measures to safeguard patient data. Because of the provider’s negligence, criminals were able to access the PHI of the plaintiff and class members. Conway Regional declares that it had put in place meritorious protection against phishing and threats. It was ready to strongly protect the lawsuit; nevertheless, it was decided to resolve the lawsuit to conclude the litigation and stop additional legal expenses. According to Conway Regional, it offered the settlement deal to take care of the disputed claims, but it doesn’t mean it admitted any wrongdoing or violation.

As per the conditions of the offered settlement, class members shall be qualified to get identity theft protection services via IDX for two years. Directions for registering for those services are complete in the settlement. As opposed to a lot of settlements that enable the submission of recorded losses, there are a few conditions. A claim of as much as $850 may be filed for compensation of recorded losses, however only by class members who have signed up for the IDX services that have turned them on as per the instruction. When a claim is initially filed via the IDX service and that claim is refused. Prior to filing a claim, class members should likewise maximize the IDX claim procedure. When IDX rejects the claim because of its non-submission during the permitted time period or because of inadequate documentation, class members cannot be entitled to get compensation as per the settlement. Class members could additionally claim approximately $40 for lost time that is linked to the data breach, distinct from any claim for reported losses, irrespective of whether they get enrolled in the IDX services.

To register for the IDX services, class members should fill out and submit the Election form before February 20, 2023. Compensation claims for financial losses and lost time should likewise be sent by February 20, 2023. The final day for exemption from or opposition to the settlement is going to be on December 21, 2022. The fairness hearing will be on February 7, 2023.

About Christine Garcia 1309 Articles
Christine Garcia is the staff writer on Calculated HIPAA. Christine has several years experience in writing about healthcare sector issues with a focus on the compliance and cybersecurity issues. Christine has developed in-depth knowledge of HIPAA regulations. You can contact Christine at [email protected]. You can follow Christine on Twitter at https://twitter.com/ChrisCalHIPAA