February 25, 2023 — In September 2021, cybercriminals launched a targeted attack against Advent Health Partner’s system, which resulted in a data breach case that affected over 61,000 patients. Thousands of personally identifiable information (PII) were compromised, which included first names, last names, driver’s license numbers, health insurance documents, medical treatment, and financial records.
Table of Contents
The data breach was so massive that it led to a class action lawsuit in which Advent Health Partners was accused of failing to exercise reasonable measures to safeguard sensitive patient data. The class action lawsuit was filed on behalf of the patients whose sensitive PII were stolen, ultimately leading to the access and exploitation of private health information.
According to the complaint filed, “Advent Health Partner’s notice of the Data Breach was not just untimely but woefully deficient, failing to provide basic details, including but not limited to, how unauthorized parties accessed its networks, whether the information was encrypted or otherwise protected, how it learned of the Data Breach, whether the breach occurred system-wide, whether servers storing information were accessed, and how many customers were affected by the Data Breach.”
The plaintiff also accused Advent Health of failing to notify the affected patients promptly. The lawsuit also stated that it took more than six months for the defendant to disclose the data breach, further exacerbating the extent of the damage. On top of this, the Nashville-based healthcare technology company failed to provide a reasonable explanation for the delay.
As a result, the affected patients have and will continue to experience all sorts of data breach-related issues, such as identity theft, credit card fraud, and unauthorized email account access.
The lawsuit also alleged that Advent Health’s failure to safeguard personally identifiable information, including its delay in sending out breach notifications, has violated several HIPAA and FTC regulations. Although the company had already taken steps to rectify the breach, it had already compromised the sensitive information of thousands of patients.
According to the Health Insurance Portability and Accountability Act (HIPAA), covered entities must send the breach notifications within 60 days without any unreasonable delay.
Fast forward to February 2023, Advent Health Partners has agreed to pay $500,000 in place of the class action lawsuit, ultimately leading to a settlement agreement.
Who Is Eligible?
The settlement agreement benefits those who received the company’s mailed notification of the incident. Individuals affected by the breach are eligible to claim up to $750 as reimbursement for any expenses incurred, including but not limited to out-of-pocket losses, bank fees, and lost time, with a rate of $18 per hour.
Meanwhile, those who experienced extraordinary losses, such as documented fraudulent charges, may receive reimbursements not exceeding $5,000. Eligible individuals can also opt to receive up to three years of free credit monitoring through IDX.
In addition, the claims solutions provider, whose services include automated chart retrievals, has also agreed to implement better security enhancements. It is also part of their ongoing effort to safeguard sensitive patient data from future cyberattacks.
Filing a claim
As of this writing, the deadline for the claim has passed. You may contact Advent Health Settlement via their official website for further inquiries.
Increasing Trend of Healthcare Data Breach Lawsuits and Settlements
Over the years, the healthcare industry has experienced an alarming increase in data breach incidents. Ultimately, this resulted in unrelenting concerns about data privacy and security. Healthcare organizations continuously face the challenge of implementing robust security measures to protect PHI from ever-evolving cyber threats.
In addition, the increasing trend in data breach cases and costly lawsuit settlements has driven healthcare organizations to take a proactive approach and invest in advanced security technologies. Moreover, implementing end-to-end encryption and multi-factor authentication has become crucial for ensuring patient data confidentiality and integrity.
To ensure compliance, healthcare organizations must conduct regular security audits to assess and identify potential threats and take the necessary action when needed. Educating staff and providing comprehensive data security training is also crucial for protecting sensitive patient information.
Reducing the Risk of Data Breach Cases
Much like what happened to Advent Health Partners, your healthcare company or organization could also fall victim to an information breach. With patients becoming increasingly aware and willing to take legal action, it is crucial to demonstrate your organization’s commitment to safeguarding protected health information.
One way to do this is by partnering with reputable services that can provide secure data storage and patient information management solutions. It is also a must to adhere to HIPAA regulations to reduce the risk of lawsuits.