UPMC settles data breach lawsuit for $450K

University of Pittsburgh Medical Center agreed to a $450,000 settlement to resolve allegations relating to a 2020 data breach that compromised the protected health information of about 36,000 patients, The National Law Review reported June 16. 

An unauthorized user had gained access to the email accounts of University of Pittsburgh Medical Center's legal counsel, Charles J. Hilton & Associates, between April and June of 2020. 

The compromised accounts contained personal health information including Social Security numbers, birth dates, financial account numbers, identification numbers, signatures, medical records and insurance information.

University of Pittsburgh Medical Center notified patients of the breach in December 2020, but the complaint alleged the hospital and Charles J. Hilton & Associates failed to safeguard patient data and failed to establish adequate cybersecurity measures. 

Under the terms of the settlement, class members are entitled to make a claim for a $250 cash payment as reimbursement for documented out-of-pocket expenses related to the data breach and may submit claims for up to $2,500 to recover fraudulent charges and costs related to identity theft, plus $30 for undocumented time spent dealing with the breach. 

All class members will also receive 12 months of complimentary credit monitoring. 

Copyright © 2024 Becker's Healthcare. All Rights Reserved. Privacy Policy. Cookie Policy. Linking and Reprinting Policy.


Featured Whitepapers

Featured Webinars