BJC Healthcare has agreed to resolve claims brought by plaintiffs that its poor cybersecurity was the reason behind a 2020 data breach incident. The settlement terms will benefit individuals who received a notice from BJC Healthcare regarding the compromise of their information in the 6th March 2020 data incident.
Settlement Website: BJCDataIncindent.com
Objection Deadline: 08/16/2022
Exclusion Deadline: 08/16/2022
Claim Form: https://bjcdataincident.com/claims_filing.html
Deadline For Submitting Claim Form: 12/14/2022
Final Hearing Date: 09/06/2022
Settlement Amount: $2.7M
Potential Claim Amount: Up to $5,000
Proof Of Purchase: Class members will have to use the login and password details sent in the notice for logging in to the portal. You can contact the settlement administrator at [email protected] or (866) 742-4955 requesting to resend the credentials if you don’t have the login and password information. Class members will have to provide other documentation for getting the maximum payout.
St. Louis-based hospital system BJC Healthcare offers its services to Southern Illinois, the greater St. Louis area, and southeast Missouri. This nonprofit healthcare organization earns more than $6 billion in net revenue with its 30000 plus employees. BJC Healthcare announced that it had fallen prey to a phishing cyberattack in May 2020. Three BJC employee email accounts were accessed in this data incident by a third party after the employees responded to phishing emails that carried the look and feel of legitimate emails. This move of the employees provided the hacker access to sensitive patient credentials including names, birth dates, medical records, Social Security numbers, health insurance information, and driver’s license data.
The consumers who were affected by this data breach took legal steps against BJC Healthcare. They argued that the company didn’t have reasonable cybersecurity measures in place which could have otherwise prevented the data breach. The plaintiffs blamed BJC Healthcare’s negligence as the direct reason behind the cyberattack in the data breach class action lawsuit. As per the lawsuit, it was the duty of BJC Healthcare to implement and maintain proper security measures which could secure, safeguard and protect both personal health information and personal identifying information of the plaintiffs from unauthorized access and disclosure. However, BJC healthcare couldn’t carry out this duty properly and this made the plaintiffs vulnerable to personal identity theft.
BJC Healthcare has agreed to settle this case despite not admitting any wrongdoing. As per the settlement terms, the class members will be reimbursed for both ordinary and extraordinary expenses arising out of this settlement. The maximum ceiling of ordinary expenses is $250 per person including interest, bank fees, postage, credit monitoring costs, mileage, and up to three hours of lost time @ $20/hour. Class members will be eligible for larger payments of $5000 for extraordinary expense reimbursement including unreimbursed, documented monetary losses, and up to three hours of additional lost time @ $20/hour. The settlement will also offer credit monitoring services to the class members who can receive two years of identity theft insurance and credit monitoring through IDX.
Other than the payments and credit monitoring services mentioned above, BJC Healthcare has also agreed to alter its cybersecurity policies for protecting consumer data in a better manner. Mandatory training, new policies, and an improved password policy will be included in the new cyber security approach. BJC has also agreed to spend an additional $2.7 million to reduce phishing risks by implementing multifactor authentication for email access.