Dental Care Alliance decided to resolve a class action lawsuit filed due to a data breach that affected approximately 1.7 million people. A $3 million fund was reserved to cover claims from persons impacted by the breach.
Dental Care Alliance, LLC is a dental support organization based in Sarasota, FL with over 320 affiliated dental practices throughout 20 states. Dental Care Alliance stated its systems had been compromised on September 18, 2020. The company detected the breach on October 11, 2020, which was contained on October 13, 2020. The forensic investigation reported the potential compromise of names, addresses, patient account numbers, dentist’s names, diagnoses, treatment data, billing details, payment card details, and health insurance data. Patients received notification regarding the breach in December 2020.
The breach report filed with the HHS’ Office for Civil Rights at first indicated 1,004,304 people were affected, however, it was later corrected to 1,723,375 persons. Dental Care Alliance mentioned there was no particular evidence of data theft identified and it did not know of any misuse of patient information. In spite of the involvement of highly sensitive records, the organization didn’t offer credit monitoring services.
The Paras v. Dental Care Alliance, LLC, Case No. 22-ev-000181 lawsuit was filed in the State Court of Fulton County, Georgia, for the people impacted by the data breach. Allegedly, Dental Care Alliance failed to properly secure patient information and the plaintiffs said that if reasonable cybersecurity procedures had been put in place, the security breach would have been averted. The plaintiffs alleged that they encounter a greater risk of identity theft and fraud because of the fault of Dental Care Alliance and that their sensitive personal data and protected health information (PHI) are already in the possession of data thieves.
Dental Care Alliance has suggested a settlement to deal with claims related to the information breach although has not admitted any wrongdoing. As per the terms of the settlement, $3 million funding will be set aside to pay for claims from affected persons, and two years of identity theft protection services are being provided to all impacted people. Those services consist of dark web monitoring and coverage by a $1 million identity theft insurance policy.
All class members are eligible to submit claims of as much as $2,000 for documented losses as a result of the data breach, and up to 2 hours of lost time at $20 per hour. People part of a settlement subclass could file additional claims for as much as $3,000 for documented losses and an additional two hours of lost time. The limit for claims is $3,000,000. Claims shall be paid pro rata when it’s more than that amount. The attorneys for the plaintiffs will request the court to get fees of $850,000 and $1,500 payments for the class representatives. With the conditions of the settlement, Dental Care Alliance has agreed to carry out extra data security measures.
The scheduled hearing for the final approval of the settlement is on Sept. 1, 2022. The July 26, 2022 deadline for opting out of the settlement has now passed. Claims should be submitted prior to August 25, 2022.