The Methodist Hospitals Pays $425,000 to Settle Class Action Data Breach Lawsuit

The Methodist Hospitals Inc decided to resolve a class action lawsuit and allocated a $425,000 fund for claims filed by victims in relation to a data breach in 2019 that impacted about 70,000 patients.

The healthcare provider based in Gary, IN submitted an email security incident report to the HHS’ Office for Civil Rights on April 4, 2019. The protected health information (PHI) of 68,039 patients was potentially stolen because of the incident.

The investigation results showed that hackers obtained access to the email accounts of two employees from March 13, 2019 to July 8, 2019, after responding to phishing emails. Patient data including names, addresses, dates of birth, driver’s license numbers, Social Security numbers, Medicaid/Medicare numbers, usernames, passwords, treatment and diagnosis data, and payment card details were potentially exfiltrated.

After the data breach, the lawsuit Jones v. The Methodist Hospitals, Inc. has been filed in the Harris County District Court in Texas. Allegedly, The Methodist Hospitals failed to sufficiently secure the PHI of patients, which resulted in harm suffered by plaintiffs Samantha L. Gordon, and James Jones and members of the class.

The Methodist Hospitals did not admit to any wrongdoing. The investigation by OCR was closed without any action taken; nevertheless, the provider made the decision to resolve the lawsuit to prevent having to pay for higher legal expenses and the uncertainty of having a trial.

According to the terms of the settlement, class members who are eligible to file a claim may receive two years of additional credit monitoring and identity theft resolution services, a refund of economic losses, and a refund for time lost because of the data breach.

To claim for reimbursement, victims may submit documents of economic losses of up to $3,000 and/or submit claims for reimbursement of lost time amounting up to $300. The settlement is awaiting final approval scheduled for June 13, 2022. Claims can be filed starting October 6, 2022.

About Christine Garcia 1310 Articles
Christine Garcia is the staff writer on Calculated HIPAA. Christine has several years experience in writing about healthcare sector issues with a focus on the compliance and cybersecurity issues. Christine has developed in-depth knowledge of HIPAA regulations. You can contact Christine at [email protected]. You can follow Christine on Twitter at