HIPAA Clicks

The Malden, Massachusetts-based Mystic Valley Elder Services has agreed to pay $520,000 to settle a consolidated class action lawsuit stemming from an April 5, 2024, data breach. Unauthorized individuals gained access to the network of Mystic Valley Elder Services and potentially obtained the names, dates of birth, passport numbers, financial account numbers, payment card numbers, online credentials, taxpayer identification numbers, Social Security numbers, driver’s license numbers, health insurance information, and medical information of more than 89,600 individuals.

Five class action complaints were filed in response to the data breach, which were consolidated in the Middlesex County Superior Court in Massachusetts. The consolidated class action lawsuit – In re Mystic Valley Elder Services Inc. – alleged that the data breach occurred as a result of cybersecurity failures, Mystic Valley Elder Services failed to detect the unauthorized activity in a timely manner, and did not send timely notifications to the affected individuals, who did not learn about the data breach until 6 months later.

The lawsuit asserted claims of negligence, breach of implied contract, breach of fiduciary duty, unjust enrichment, and violations of the Massachusetts Consumer Protection Act. The lawsuit sought injunctive relief, including an order from the court prohibiting the transmission of sensitive data via unencrypted email, storing protected health information in email accounts, and requiring a host of security measures to be implemented to ensure the privacy and security of patient data. Mystic Valley Elder Services denies all liability and wrongdoing.

While the lawsuit sought a jury trial; however, following mediation, all parties agreed to a settlement to avoid the cost, time, and uncertainty of a trial and related appeals. The settlement fund will be used to cover attorneys’ fees and expenses, settlement administration and notice costs, and service awards for the class representatives. The remainder of the settlement will be used to pay benefits to the class members.

Class members may claim a pro rata cash payment, estimated to be approximately $75 per class member. A claim may also be submitted for reimbursement of documented, unreimbursed losses due to the data breach, up to a maximum of $5,000 per class member. The settlement also includes two years of credit monitoring and identity theft protection services. The final fairness hearing has been scheduled for February 17, 2026. Claims must be submitted by February 9, 2026.

The post Mystic Valley Elder Services Agrees to Settle Class Action Data Breach Lawsuit for $520,000 appeared first on The HIPAA Journal.

HIPAA Clicks

Daily HIPAA News, HIPAA RSS Feeds, HIPAA Information

Mystic Valley Elder Services Agrees to Settle Class Action Data Breach Lawsuit for $520,000

HIPAA Compliance Checklist: A Quick Guide for 2026 – Security Boulevard

Upcoming HIPAA Compliance Deadline- HIPAA Notice of Privacy Practices Updates Required by February 16 – The National Law Review

There’s a New Sheriff in Town (and It’s HHS OCR): Time To Refocus on Part 2 Compliance Before February 2026 – JD Supra

Why Generic AI Can’t Process Medical Records – Programming Insider

System Hardening, HIPAA, and the Practical Path to Protecting ePHI | Foley Hoag LLP – Security, Privacy and the Law – JD Supra

Days after ChatGPT Health, Anthropic unveils HIPAA-ready Claude for providers – Tech Funding News

FREE WEBINAR NEXT WEEK: 2025 HIPAA Breaches & Fines. Avoid Being the Next Headline – The HIPAA Journal

Consulting Radiologists Pays $2.2M to Settle Class Action Data Breach Litigation – The HIPAA Journal

Latest News from Around the Web

Categories