Ransomware cyber attacks have been a prominent threat to the healthcare industry. In this case, First Choice Dental, a large dental practice with multiple locations across Wisconsin, was targeted by hackers in October 2023. The hackers gained access to sensitive information including patient names, dates of birth, Social Security numbers, passport numbers, driver’s license numbers, financial account numbers, and health information.
The incident was reported to the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) under HIPAA and, at that time, OCR determined that at least 1,000 patients were affected by the ransomware attack. However, further investigation revealed that the breach was much more extensive and affected over 150,000 patients.
This triggered a class action lawsuit against First Choice Dental, alleging that the practice could have prevented the ransomware attack if it had maintained appropriate data security safeguards. HIPAA does not provide a private right of action for individuals that are affected by a HIPAA breach, but the claims asserted in this lawsuit included alleged negligence on the part of the dental practice, invasion of privacy, breach of fiduciary duty, and violations of Wisconsin law relating to confidentiality of patient information.
First Choice Dental has agreed to settle the lawsuit for a total settlement cost that is capped at $1,225,000. The settlement covers identify theft monitoring and protection for affected individuals, as well as reimbursement of out-of-pocket expenses the victims may have incurred as a result of the data breach.
Sign up to receive Rivkin Rounds at www.RivkinRounds.com.