HIPAA Compliance Training and Certification

HIPAA News

UNITE HERE Pays $6 Million to Resolve Data Breach Lawsuit

by | Mar 9, 2025

Oklahoma State University HIPAA Settlement

Labor Union, UNITE HERE, based in New York has consented to paying $6 million to settle a combined class action lawsuit that claimed the group’s inability to carry out proper cybersecurity measures to safeguard the sensitive information it kept. On October 20, 2023, UNITE HERE discovered unauthorized systems access. Hackers were confirmed to have accessed its network and files that contain the personal and protected health information (PHI) of members of selected health funds and local unions.

It wasn’t possible to know precisely the number of individuals affected, thus UNITE HERE decided to deliver notification breach letters to all 791,273 possibly impacted members. The compromised information during the incident included names, birth certificates, birth dates, driver’s licenses, state ID numbers, Social Security numbers, tribal ID numbers, alien registration numbers, passport numbers, marriage licenses, signatures, financial account details, and medical data.

Union members filed class action lawsuits. The lawsuits were combined into one case – In Re UNITE HERE Data Security Incident Litigation – filed in the United States District Court for the Southern District of New York. Besides negligence, the combined lawsuit stated claims of unjust enrichment, breach of implied contract, breach of confidence, and the New York Deceptive Trade Practices Act violation. UNITE HERE rejected the claims yet decided to resolve the lawsuit without admitting liability or wrongdoing to avoid the big expenses and uncertainty related to ongoing litigation. Updating the HIPAA training of employees is also in order.

As per the terms of the settlement, class members may file claims for around $5,000 for compensation of recorded, unreimbursed out-of-pocket expenditures connected to the data breach. Class members, whether or not they file a claim for losses, are eligible to receive a pro-rata cash payment. After paying all costs, expenditures, and claims, the cash payments will be divided according to the number of legitimate claims filed. Furthermore, class members can claim credit monitoring and identity theft protection services for 2 years.

The last day for filing an exclusion from and opting out of the settlement is  April 11, 2025. Claims should be filed on or before April 28, 2025. The schedule for the final fairness hearing is May 12, 2025.

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.

COMPREHENSIVE HIPAA TRAINING

Please enable JavaScript in your browser to complete this form.

Ryan Coyne

Ryan Coyne is a results-driven leader in the healthcare compliance industry, specializing in regulatory compliance, compliance training, and assisting healthcare organizations and business associates in achieving and maintaining compliance. With a deep knowledge of healthcare regulations and a keen understanding of the challenges faced by the industry, Ryan has developed a reputation as a trusted advisor and advocate for ethical and compliant practices in healthcare. Ryan has successfully advised and guided numerous healthcare organizations, business associates, and healthcare professionals on achieving and maintaining compliance with regulatory training requirements. Ryan's professional focus is using his in-depth expertise and leading a world class team of subject matter experts at ComplianceJunction in regulatory compliance to help organisations navigate the complex landscape of ensuring staff adhere to healthcare regulations. You can connect with Ryan via LinkedIn and follow on Twitter

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.

Comprehensive HIPAA Training

Used in 1000+ Healthcare Organizations and 100+ Universities

    Full Course - Immediate Access

    Privacy Policy