Great Expressions Dental Centers Pays $2.7 Million to Resolve Data Breach Lawsuit

Oct 26, 2024

Great Expressions Dental Centers decided to resolve a class action lawsuit arising from a 2023 data breach that affected the personal data and protected health information (PHI) of 1,925,397 people.

Great Expressions Dental Centers, based in Bloomfield Hills, MI, manages 246 dental practices in 9 U.S. states. It experienced a cyberattack in February 2023 that impacted its IT systems. The hackers had access to its systems for 6 days, from February 17 to February 22, 2024, and exfiltrated patient data files. Those files included names, dates of birth, contact details, driver’s license numbers, Social Security numbers, financial account data, credit/debit card numbers, billing data, medical insurance details, prescription data, diagnoses, treatment details, x-ray photos, and medical and dental histories. Great Expressions Dental Centers mailed notification letters to the impacted individuals at the beginning of May 2023.

Many lawsuits have been filed because of the data breach. These lawsuits were combined into one class action – In re Great Expressions Data Security Incident Litigation – filed in the U.S. District Court for the Eastern District of Michigan. The plaintiffs claimed Great Expressions Dental Centers did not apply reasonable and proper cybersecurity procedures to safeguard the sensitive information stored on its system. Insufficient HIPAA training and protection meant hackers could access its internal system and steal patient information.

Great Expressions Dental Centers did not admit any wrongdoing but decided to resolve the lawsuit to end the litigation and avoid the uncertainty of trial. Under the terms of the settlement, the dental center will create a $2.7 million fund to pay the plaintiffs’ and class members’ claims, attorneys’ fees, and legal expenses. People who received a notification letter from Great Expressions Dental Centers are eligible to claim the benefits. The nature of those benefits depends on whether their Social Security numbers (SSNs) were exposed during the cyberattack. Members of the SSN subclass are eligible for a cash payment of up to $500, in addition to submitting a claim for ordinary and extraordinary expenses. The cash payments are capped at $300,000 in total, and claimants will receive payments pro rata if that total is reached.

For the SSN subclass, claims may be filed for as much as $500 for ordinary expenses incurred from February 17, 2023, to the claims due date. Ordinary expenses may include around 2 hours of lost time valued at $20 an hour. Claims may also be filed for extraordinary expenses of up to $5,000, which consist of unreimbursed expenditures reasonably traceable to the data breach that are not covered under ordinary expenses. Claims for reimbursement of losses must be supported by proper documentation. The non-SSN subclass may file a claim for around 2 hours of lost time valued at $20 an hour.

The court has given the settlement its initial approval. The final fairness hearing is scheduled for December 12, 2024. Filing an exclusion from or an objection to the settlement is no longer possible, but claims may be submitted until November 8, 2024. The legal representatives of the Class were Joseph M. Lyon of the Lyon Firm and Patrick A. Barthle II of the Morgan & Morgan Complex Litigation Group.


Ryan Coyne

Ryan Coyne is a results-driven leader in the healthcare compliance industry, specializing in regulatory compliance, compliance training, and assisting healthcare organizations and business associates in achieving and maintaining compliance. With a deep knowledge of healthcare regulations and a keen understanding of the challenges faced by the industry, Ryan has developed a reputation as a trusted advisor and advocate for ethical and compliant practices in healthcare. Ryan has successfully advised and guided numerous healthcare organizations, business associates, and healthcare professionals on achieving and maintaining compliance with regulatory training requirements. Ryan's professional focus is using his in-depth expertise and leading a world class team of subject matter experts at ComplianceJunction in regulatory compliance to help organisations navigate the complex landscape of ensuring staff adhere to healthcare regulations. You can connect with Ryan via LinkedIn and follow on Twitter
