Conway Regional Medical Centre in Arkansas has decided to settle a class action lawsuit with $295000 to resolve claims that it didn’t adequately protect patient information. This careless action exposed both the health and personal data of patients to criminals. Though the hospital maintains that its cyber defenses are meritorious, they have agreed to settle the claims for bringing an end to the litigation.
Settlement website – ConwayDataSettlement.com
Objection deadline – 12/21/2022
Exclusion deadline – 12/21/2022
Claim Form – https://www.conwaydatasettlement.com/page/preclaim
Deadline for submitting the claim – 02/20/2023
Final Hearing date – 02/07/2023
Settlement amount – $295K
Potential claim amount – Up to $890
Proof of purchase – Documents like invoices or bills showing the claim amount and proof of bill payment can serve as viable proof of purchase while claiming for economic losses. Documents shall have to be submitted showing that the claim was denied by IDX and that the IDX claims process was exhausted. A signed statement shall have to be submitted indicating the losses can be fairly traceable to the data breach. Plaintiffs will have to provide proof that the total claim has not been reimbursed and a signed copy of Internal Revenue Service (IRS) Form 14039 alongside a statement that the form was submitted to the IRS.
The class comprises people who:
- Entrusted personally identifiable information or protected health information to Conway
- Had that information potentially accessible in the data breach
- Is not an affiliate, legal representative, attorney, heir, assign, officer, director, or employee of the defendant or any entity in which the defendant has a controlling interest.
Class members are eligible for identity-protection services for documented economic losses suffered by them up to $850 as part of the settlement. The reimbursement shall be made for lost time with a claim showing that the lost time is fairly traceable to the data breach and also for economic losses suffered.
According to the lawsuit, cybercriminals breached the Conway Regional Medical Center’s data systems on or about 26th June 2019 thus exposing the personal and health information of patients. The credentials that were exposed include medical details, health insurance information, and social security numbers, all of which were accessed by a malicious third party in an email phishing attack.
This non-profit regional medical system located in Northcentral Arkansas has agreed to offer reimbursement of documented economic losses and identity-theft protection services to class members under the terms of the settlement. Class members can sign up for two years of IDX Identity Protection Services. They might submit a form for enrolling in the identity theft protection services and will have to activate the plan as per the instructions offered.
The class members can submit claims for up to $850 in documented economic losses. However, they should have elected and enrolled in the IDX Identity Protection Services offered by the settlement, and submitted a reimbursement claim which would have been denied by IDX causing the class member to exhaust IDX’s claims process. Class members won’t be able to submit a claim for reimbursement if their IDX reimbursement claim was rejected for failure to submit a claim within the required period of IDX. Plaintiffs cannot claim reimbursement of losses under the settlement if the claim was denied as class members failed to offer sufficient documentation.
A maximum claim can be made by class members up to $40 for lost time dealing with the data breach. The claim for lost time can be made whether the class members made a claim for economic losses or they enroll in the IDX protection. Class members will automatically be considered part of the settlement class if they do nothing. But they will not receive any part of the settlement fund if they don’t fill out forms. Those failing to take any action will also be giving up their right to sue regarding the data breach.
