Magellan Health has decided to resolve a class action data breach legal action and will set up a $1.43 million funding to pay for claims submitted by patients impacted by the data breach.
Patients whose protected health information (PHI) was compromised in a phishing attack in May 2019 filed the legal action, Dearing v. Magellan Health Inc. et al., in the Arizona Superior Court versus Magellan Health Inc. and Magellan RX Management, LLC. Unauthorized persons acquired access to email messages and file attachments that had patients’ PHI, such as names, health details, and Social Security numbers. Roughly 273,000 persons were impacted and had their PHI compromised.
The plaintiffs claimed the defendants did not carry out proper cybersecurity procedures to keep unauthorized individuals from accessing sensitive patient information. If there were safeguards put in place, the data breach would not have happened. The plaintiffs claimed the security problems violated the Health Insurance Portability and Accountability Act, though the legal action was filed in relation to the violation of state legislation.
The plaintiffs additionally pointed out how Magellan Health managed the data breach and the late issuance of notification letters. The phishing attack happened in May 2019, but it was detected only in July 2019. Notification letters were only provided to impacted persons in November 2019, which is 6 months after the breach. If notifications were issued earlier, the plaintiffs contended that they could have done something to defend against identity theft and fraudulence.
The defendants decided to resolve the lawsuit to avoid the rising legal expenses and to steer clear of the uncertainty of the trial. There was no admission of malpractice and no acceptance of any liability for the security breach. Based on the conditions of the settlement deal, there is a $1.43 million fund for payment of claims filed by the class members.
All class members are eligible to file claims as high as $225 to pay for regular out-of-pocket costs, including the expenses for credit reports, phone calls, and Internet consumption, and around 2 hours of lost time priced at $15 an hour. Class members with expenses sustained for credit monitoring and fraud services could likewise get paid for those expenses. Class members may file for extraordinary losses of as much as $2,500, for example, monetary losses because of fraud and identity theft, in addition to 3 hours more of lost time at $15 an hour. There must be appropriate documentation to support those claims.
Class members can opt not to join or can reject the settlement on or before November 15, 2022. The hearing for the final approval for the settlement is on December 2, 2022. Victims can submit their claims until December 15, 2022.