A U.S. District Court for the District of Nebraska judge preliminarily approved a settlement June 4 over a Nebraska Medicine data breach in fall 2020 that exposed tens of thousands of patients' protected health information, according to court documents.
Five details:
1. Judge Robert Rossiter Jr. signed off on the class-action settlement, to which the plaintiffs and Omaha-based Nebraska Medicine agreed May 25.
2. The class action concerns a malware attack that occurred on Nebraska Medical Center and University of Nebraska Medical Center's IT systems between Aug. 27 and Sept. 20, 2020.
3. During the attack, the unauthorized person stole copies of patient and employee information, including Social Security numbers, driver's license numbers, names, addresses, birthdates, medical record numbers and lab results.
4. The settlement will be offered to 125,902 people who received notification letters that their PHI was exposed during the incident, as well as 13,497 people who were notified that their Social Security numbers and/or driver's license numbers were exposed.
5. The court did not disclose the financial amount of the settlement but did say Nebraska Medicine is responsible for paying all costs in connection with the settlement notices and final amount.