CA Health System Reaches $340K Settlement Over Healthcare Data Breach
Salinas Valley Memorial Healthcare System agreed to pay $340,000 to settle a class-action lawsuit over a 2020 healthcare data breach.
Source: Getty Images
By Jill McKeon
- In a recent settlement, California-based Salinas Valley Memorial Healthcare System (SVMHS) agreed to pay up to $340,000 to class members impacted by a 2020 healthcare data breach.
According to a notice on its website, SVMHS first discovered a compromised employee email account on April 30, 2020. A few months later, the health system determined that a total of five email accounts were compromised. A July 2020 notice to patients said that the email inboxes included patient names, hospital account numbers, medical record numbers, service information, and attending physician’s information.
SVMHS said it disabled access and reset the passwords of the impacted email accounts. In a subsequent lawsuit, the plaintiff alleged negligence and violations of California’s Confidentiality of Medical Information Act (CMIA) and Unfair Competition Laws, Business and Professions Code §§ 17200 (UCL).
The lawsuit alleged that SVMHS failed to adequately safeguard patient information. SVMHS denied the allegations but agreed to settle the suit outside of court.
Class members have until August 26 to submit a claim for up to $750 to account for out-of-pocket expenses relating to the incident and up to four hours of time spend remediating the data incident.
Any funds not paid out to claimants will be used by SVMHS to improve its data security practices by engaging third-party auditors to conduct regular penetration tests and maintaining appropriate firewalls and access controls. The unused funds will also go toward implementing regular phishing and other security training, as well as regular computer system scans.
