Avem Health Partners and Roper St. Francis Healthcare Opted to Settle Data Breach Lawsuits

by | Mar 29, 2024

Avem Health Partners Pays $1.45 Million to Settle Class Action Data Breach Lawsuit

Avem Health Partners agreed to pay a $1.45 million settlement to settle claims associated with a 2022 data breach affecting the protected health information (PHI) of 271,303 persons. Avem Health Partners based in Oklahoma City is an administrative and technology services provider to healthcare companies. On May 16, 2022, hackers acquired access to the servers of 365 Data Centers, one of Avem Health Partners’ vendors. The unauthorized access happened on May 14, 2022, but Avem Health Partners became aware of the data breach on September 9, 2022.

The compromised information included names, birth dates, driver’s license numbers, Social Security numbers, medical insurance data, and diagnosis and treatment details. Avem Health Partners notified the impacted persons in December 2022. The lawsuit Bingaman, et al. v. Avem Health Partners Inc. was subsequently filed by the plaintiffs asserting that their PHI was negligently stored. If proper cybersecurity steps had been implemented and employees received hipaa training, the breach might have been avoided. Avem Health Partners decided to resolve the lawsuit without accepting any wrongdoing.

Claims are to be accepted from those who received notification concerning the data breach from Avem Health Partners. Claims could be filed for as much as $7,000 to pay out-of-pocket expenditures resulting from the data breach, which include credit costs, bank charges, lost money due to identity theft and fraud, and approximately 5 hours of lost time valued at $25 an hour. Persons who don’t file claims to be compensated for losses are entitled to be given a cash payment of around $100, even though that amount might be lower based on the number of claims.

Irrespective of the option selected, class members shall be qualified to get free identity theft protection and credit monitoring services for three years, which come with a $1 million identity theft insurance plan. The due date for objection to and exemption from the arrangement is April 25, 2024, and the schedule of the final approval hearing is on May 10, 2024.

Roper St. Francis Healthcare Pays $1.5 Million to Resolve Data Breach Lawsuit

Roper St. Francis Healthcare has decided to pay $1.5 million to resolve a class action lawsuit filed because of a 2020 data breach. Roper St. Francis Healthcare is a healthcare system based in South Carolina that manages 4 hospitals and over 117 healthcare centers. At the end of October 2020, Roper St. Francis Healthcare confirmed the compromise of three email accounts after employees replied to phishing emails. Unauthorized individuals accessed the email accounts from October 14 to October 29, 2020. The exposed accounts included the PHI of 89,761 individuals, which included brands, patient account numbers, medical record numbers, birth dates, and some treatment and clinical details, like dates and locations of service, names of providers, and billing details.

The data breach prompted the filing of the lawsuit. The plaintiff claimed that Roper St. Francis Healthcare failed to implement fair and proper cybersecurity procedures. Further, Roper St. Francis Healthcare should have known its susceptibility to cyberattacks since it had encountered several data breaches previously. Roper St. Francis Healthcare disagreed with the plaintiffs’ statements and decided to resolve the lawsuit without admitting any wrongdoing.

Based on the settlement, those who received a notification letter regarding the data breach from Roper St. Francis Healthcare could claim up to $325 as compensation for expenses related to the data breach, for instance, credit expenses and bank charges, and around four hours of lost time valued at $20 an hour. In case of sustained extraordinary expenses because of identity theft and fraud, claims as much as $3,250 may be filed. All class members are eligible for free credit monitoring services for one year, besides those already provided in the individual notifications regarding the data breach. The due date for filing an exemption from or objection to the settlement is on or before April 30, 2024. The schedule of the final approval hearing is on May 2, 2024.

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.


Please enable JavaScript in your browser to complete this form.

Ryan Coyne

Ryan Coyne is a results-driven leader in the healthcare compliance industry, specializing in regulatory compliance, compliance training, and assisting healthcare organizations and business associates in achieving and maintaining compliance. With a deep knowledge of healthcare regulations and a keen understanding of the challenges faced by the industry, Ryan has developed a reputation as a trusted advisor and advocate for ethical and compliant practices in healthcare. Ryan has successfully advised and guided numerous healthcare organizations, business associates, and healthcare professionals on achieving and maintaining compliance with regulatory training requirements. Ryan's professional focus is using his in-depth expertise and leading a world class team of subject matter experts at ComplianceJunction in regulatory compliance to help organisations navigate the complex landscape of ensuring staff adhere to healthcare regulations. You can connect with Ryan via LinkedIn and follow on Twitter

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.

Comprehensive HIPAA Training

Used in 1000+ Healthcare Organizations and 100+ Universities

    Full Course - Immediate Access

    Privacy Policy