St. Joseph Health to pay $7.5M settlement to patients affected by 2012 data breach
Irvine, Calif.-based St. Joseph Health has finalized a class-action lawsuit settlement for a 2012 data breach. The health system will pay $7.5 million for the 31,000 affected patients to split. Each patient will receive a check for approximately $242, according to The Orange County Register.
In 2012, the personal health information of nearly 31,000 patients was exposed on the Internet. Such information included lab results and body mass indices. No Social Security numbers, financial data or addresses were breached, the health system said.
In addition to the $7.5 million settlement being awarded to the patients, St. Joseph Health also has paid $7.5 million in attorneys fees and costs, according to the report.
An additional $3 million will be made available for plaintiffs who suffered identity theft losses, who can apply for up to $25,000, according to the report.
In the time since the breach, St. Joseph spent more than $17 million on upgrading security systems and $4.5 million on credit monitoring for affected patients, according to the report.
"St. Joseph Health is pleased that we could come to a settlement on this issue and regrets any undue concern to our patients," according to a statement from the health system. "Since the situation was discovered, we have invested in a number of initiatives to ensure the continued security of patient data, including enhanced data security infrastructure. These measures and more are intended to provide for the safety and security of our patients’ information."
Note: This article was updated to include a statement from St. Joseph Health.
More articles on data breaches:
© Copyright ASC COMMUNICATIONS 2017. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.