Tampa-based Florida Orthopaedic Institute has agreed to pay $4 million to settle allegations it failed to protect consumers in a 2020 ransomware attack, Top Class Actions reported Aug. 15.
In June 2020, the practice began notifying 640,000 patients that their protected health information may have been compromised in a data breach.
The cyberattack occurred two months previously when hackers accessed a server through a ransomware attack on encrypted data stored on the practice's servers. According to Florida Orthopaedic Institute, the hackers may have gained access to names, birthdates, Social Security numbers, medical information, insurance data and other health data.
A class-action suit, filed on June 30, 2020, alleged the practice did not properly secure protected health information and sought $99 million on behalf of patients and former patients affected by the breach.
Florida Orthopaedic Institute has not admitted any wrongdoing but agreed to establish a $4 million settlement fund to resolve the allegations.
Terms of the settlement state class members can receive a cash payment for out-of-pocket loss reimbursement and lost time. Covered out-of-pocket expenses include unreimbursed fraud or identity theft costs, professional fees, credit monitoring expenses and credit freezing costs.
Class members can claim up to $15,000 for out-of-pocket expenses and up to five hours of lost time at $25 per hour. The settlement also provides three years of identity restoration services.
The settlement's final approval hearing is set for Sept. 29.