Tampa General Hospital has consented to pay $6,800,000 to settle a class action lawsuit associated with a cyberattack in 2023 where unauthorized access to systems compromised the protected health information (PHI) of over 2 million individuals.
The attack on the HIPAA-covered entity was discovered on May 31, 2023. According to the forensic investigation, hackers accessed its system for about three weeks from May 12 to May 30, 2023. In that time frame, the hackers extracted files that contained patient information including names, birth dates, contact details, Social Security numbers, medical insurance data, and some treatment details. At first, the breach was thought to impact about 1.2 million patients. However, a later report submitted to the HHS’ Office for Civil Rights indicated that up to 1,313,636 individuals were affected. The breach report was subsequently corrected to show that approximately 2,430,920 people were impacted.
Several class action lawsuits were submitted and combined into a single action. The DiPierro, et al. v. Florida Health Sciences Center Inc. d/b/a Tampa General Hospital lawsuit was filed in the 13th Judicial Circuit Court for Hillsborough County, Florida. Allegedly, Tampa General Hospital was negligent as it failed to carry out reasonable and proper cybersecurity procedures to avoid unauthorized access to patient information. If the implementation of proper measures had been in place, the data breach might have been avoided. Tampa General Hospital states that it did no wrong; nevertheless, it decided to offer a settlement to end the litigation, stop further legal charges, and steer clear of the uncertainty of trial.
As per the settlement, Tampa General Hospital created a fund of $6.8 million to pay for attorneys’ fees, legal expenses, cash awards for class members, and claims for reimbursement of losses. Persons who got notification letters sent by the Florida Health Sciences Center concerning the data breach may opt to file claims for losses suffered due to the data breach or otherwise get a cash payment.
If the previous benefits are selected, class members may file claims for compensation of up to $1,500 documented ordinary losses, up to $7,500 documented extraordinary losses, and up to 4 hours of lost time ($25 per hour) used for taking care of the data breach. When the cash award is selected, class members can decide to get paid a flat amount of $125. These payments will be adjusted pro rata based on the number of claims filed and the sum claimed. Besides the previously mentioned benefits, the settlement gives all class members a year of complimentary three-bureau credit monitoring services.
The court has given its preliminary approval of the settlement. The last day to file for exclusion from and objection to the settlement has expired. Claims should be filed on or before January 12, 2025. The schedule of the final approval hearing is on February 3, 2025. Additional details are posted on https://floridahealthsettlement.com/
Image credit: Felix Mizioznikov, AdobeStock / logo©TGH
