CorrectCare Integrated Health Pays $6.49 Million to Settle Data Breach Lawsuit

by | Sep 27, 2024

CorrectCare Integrated Health LLC (CorrectCare) has settled a class action lawsuit over a 2022 data breach that affected approximately 600,000 individuals. The court gave final approval to the settlement, which cost CorrectCare $6.49 million.

CorrectCare, a third-party administrator based in Kentucky, helps correctional facility inmates access healthcare providers and handles medical claim payments. In July 2022, CorrectCare discovered a web server misconfiguration that had left two file directories publicly accessible on the Internet without requiring authentication. As a result, sensitive data was exposed online from January 22, 2022 until July 7, 2022. The compromised information included names, birth dates, inmate numbers, limited health details (such as CPT codes, diagnosis codes, treatment dates, and providers) and, in some cases, Social Security numbers. The affected individuals received treatment from January 1, 2012 to July 7, 2022.

In December 2022, the law firm Shub & Johns filed a class action lawsuit in the U.S. District Court for the Eastern District of Kentucky. On March 23, 2024, an amended complaint was filed with co-lead counsel Benjamin F. Johns, an S&J partner. Despite CorrectCare’s motion to dismiss the case, the lawsuit proceeded until the plaintiffs and CorrectCare reached a tentative settlement. Preliminary approval for the settlement was granted in April 2024, and the claims submission deadline was set for August 27, 2024. On September 17, 2024, Chief Judge Danny C. Reeves granted final approval for the settlement worth $6.49 million.

Over 100,000 claims were submitted, representing about 17% of the class. Some people failed to file a claim by the original deadline, but class counsel gave an extension for filing claims. Class counsel noted that many of the persons involved in the lawsuit would not have pursued legal action by themselves. Without the class action, the breach victims might not have been compensated for the breach. Thirty-three percent of the $6.49 million settlement will cover legal fees, $12,313 will go toward litigation expenses, and five named plaintiffs will each get a $2,500 service award.

Although CorrectCare has settled the lawsuit, the company should still look into providing HIPAA training for employees to help avoid future data breaches.


Ryan Coyne

Ryan Coyne is a results-driven leader in the healthcare compliance industry, specializing in regulatory compliance, compliance training, and assisting healthcare organizations and business associates in achieving and maintaining compliance. With a deep knowledge of healthcare regulations and a keen understanding of the challenges faced by the industry, Ryan has developed a reputation as a trusted advisor and advocate for ethical and compliant practices in healthcare. Ryan has successfully advised and guided numerous healthcare organizations, business associates, and healthcare professionals on achieving and maintaining compliance with regulatory training requirements. Ryan's professional focus is using his in-depth expertise and leading a world class team of subject matter experts at ComplianceJunction in regulatory compliance to help organisations navigate the complex landscape of ensuring staff adhere to healthcare regulations.
