Franklin, Tenn.-based Community Health Systems has reached a settlement, which must be approved by the judge, in a class-action lawsuit over a 2014 data breach that affected 4.5 million people.
Four things to know:
1. CHS' computer network was the target of a cyberattack in April and June 2014. The company publicly announced the security incident in August 2014.
2. An investigation revealed hackers accessed CHS' computer network and stole information of patients who were referred for or received services from certain CHS-affiliated physician practices and clinics over a five-year period. Stolen data included names, addresses, birth dates, Social Security numbers, and, in some cases, telephone numbers and the names of employers.
3. Several lawsuits related to the security incident were filed against CHS. The cases were consolidated in 2015 to streamline the legal process.
4. The settlement agreement, which was filed in December, provides two types of payments to patients affected by the data breach. Each patient is entitled to up to $250 to cover time taken off work to deal with matters related to the security incident and out-of-pocket expenses, such as the cost of identity theft protection services. Patients who experienced identity theft or fraud due to the security incident are entitled to up to $5,000.
More articles on legal and regulatory issues:
8 latest healthcare industry lawsuits, settlements
New details on Amazon-Berkshire-JPMorgan health venture emerge: 5 things to know
Ex-CEO gets 46 months in prison for defrauding Florida hospital