Patients of Community Health Systems’ (CHS), who had their protected health information (PHI) illegally obtains in a hacking attack in 2014 have been offered compensation in relation to the violation of their private Private Health Information (PHI).
Tennessee-based Community Health Systems manages more than 200 hospitals, meaning it is one of the biggest healthcare systems in the United States.
In 2014, CHS noticed that malware had been downloaded to its network. The malware permitted unauthorized actors to obtain access to patient information between April and June 2014. The cyberattack is thought to have been carried out by hackers located in China.
An advanced malware variant was wielded in the attack, which had the sole aim of obtaining sensitive information. An investigation into the breach revealed that that patient data including names, addresses, phone numbers, dates of birth, and Social Security numbers had been obtained. The PHI of 4.5 million patients was stolen by the hackers.
When it occurred it was the largest healthcare data breach to be submitted to the Department of Health and Human Services’ Office for Civil Rights and still ranks as one of the top six healthcare data breaches ever.
In the aftermath of the the breach, many legal actions were filed by patients seeking compensation for the theft of their personal information. The lawsuits were joined together into a single lawsuit, which survived attempts by CHS to have the case struck out. A settlement has now been reached to resolve the legal action.
The settlement states that two different payments for breach victims will be paid out. Those who can prove they have incurred out-of-pocket expenses due to the breach and/or can show evidence of time lost securing their accounts, can claim up to $250 in compensation. Individuals who have been impacted by identity theft or fraud as a result of the breach can recover up to $5,000 in losses.
Legal fees adding up to $900,000 have also been incorporated in the settlement agreement along with a payment of $3,500 for each representative class member.
To qualify for payment, a compensation claim must be filed by August 1, 2019. Individuals who do not wish to be included in the settlement and those who would like to submit an objection, have until May 18 to get in touch with CHS.
The settlement must still be reviewed for fairness and approved by a judge. A hearing has been scheduled to take place on August 13, 2019.
