A former Maryland hospital pharmacist who is alleged to have engaged in a multi-year cyber spying campaign is facing up to 17 years in jail. Matthew Bathula, 41, of Clarksville, is alleged to have engaged in the spying campaign for more than 8 years between July 2016 and September 2024, during which time he intentionally accessed computers without authorization and used a range of cyber intrusion techniques to steal sensitive data, including installing keyloggers and cookie managers, file masquerading, and setting up mailbox rules to avoid detection.

According to the indictment, these techniques allowed Bathula to steal a range of sensitive data, including usernames, passwords, cookies, images, videos, and other sensitive data. The data obtained from his actions was used to spy on current and former employees, individuals in a relationship with current and former employees, and other individuals affiliated with his employer. Credentials were obtained for almost 200 victims, which were used to access their social media accounts, as well as Google Photos, Google Nest, iCloud Photos, dating apps, and Gmail and Microsoft 365 accounts. He also created mailbox rules to delete warning messages, such as Critical Security Alerts, to avoid detection. Since cookies were stolen, they allowed Bathula to maintain access to victims’ accounts on his personal devices that were not connected to his employer’s network.

Further, between February 2023 and July 2024, spyware was installed on one or more of his employer’s computers, allowing him to conduct video surveillance of people at work and record video content. That included accessing Internet-enabled cameras and using them to record videos of young doctors and medical residents pumping breastmilk in closed treatment rooms. He is also alleged to have used stolen credentials to access the home security systems of his victims, which included using those systems to record video footage of women breastfeeding, interacting with young children, and engaging in sexual acts with their partners.

Bathula has been charged with two counts of unauthorized access to a protected computer and one count of aggravated identity theft while working as a pharmacy clinical specialist for Company A, a medical system located in the District of Maryland. “Bathula’s alleged actions are a reprehensible invasion of privacy. He betrayed the trust of his employer and co-workers, as he gained access into the private worlds of nearly 200 victims without their knowledge or consent,” Hayes said. “We, along with our law-enforcement partners, are committed to holding individuals accountable who commit cybersecurity crimes, thereby harming unsuspecting people.”

If found guilty, Bathula faces up to 10 years in jail for the unauthorized access to a protected computer at Company A, up to five years for unauthorized access to victims’ protected computers, and up to two years for aggravated identity theft. The aggravated identity theft sentence will be consecutive to any other sentence imposed.

While Company A was not named in the indictment, Bathula was employed by the University of Maryland Medical Center (UMMC) as a clinical pharmacist. At least six current and former employees have taken legal action against UMMC over Bathula’s actions. The lawsuit, which was reported on by The HIPAA Journal in April 2025, asserted claims for negligence, negligent supervision and retention, negligent security, and intrusion upon seclusion-invasion of privacy. The lawsuit seeks a jury trial, compensatory, exemplary, and punitive damages, litigation expenses and attorneys’ fees, and injunctive and declaratory relief.

The post Former Maryland Pharmacist Indicted Over 8-Year Cyber Spying Campaign appeared first on The HIPAA Journal.

A settlement has been agreed to resolve litigation against defendants Southern Illinois Healthcare Enterprises, Southern Illinois Hospital Services, and Southern Illinois Medical Services over their use of website tracking technologies without website users’ knowledge or consent.

Southern Illinois Healthcare Enterprises Pixel Settlement

A class action lawsuit over the use of website tracking technologies has been settled. The lawsuit was filed by John Doe, individually and on behalf of similarly situated individuals, against the defendants Southern Illinois Healthcare Enterprises, Southern Illinois Hospital Services, and Southern Illinois Medical Services over an alleged impermissible disclosure of the plaintiff’s and class members’ private information to third parties.

The lawsuit – Doe v. Southern Illinois Healthcare Enterprises, Inc. – was filed in Williamson County Circuit Court, Illinois, and alleged that personally identifiable information was disclosed to Meta (Facebook) via third-party tools on the defendants’ websites without the knowledge or permission of website visitors. The lawsuit asserted claims for negligence, invasion of privacy, breach of implied contract, unjust enrichment, breach of fiduciary duty, and violations of the Illinois Consumer Fraud and Deceptive Practices Act.

The defendants removed the action to the U.S. District Court for the Southern District of Illinois and sought to have the lawsuit dismissed. That motion was partially successful and led to an amended complaint being filed that alleged negligence, negligence per se, invasion of privacy, breach of express contract, breach of implied contract, unjust enrichment, breach of bailment, breach of fiduciary duty, conversion, trespass to chattel, violation of the Illinois Eavesdropping Statute, and violation of the Illinois Consumer Fraud and Deceptive Business Practices Act.

The defendant sought to have the amended complaint dismissed; however, the motion was denied by the court. The defendant denied and continues to deny any wrongdoing or liability but agreed to a settlement to avoid the cost of protracted litigation and the risks of a trial. All class members are entitled to claim a one-year membership to the CyEx Privacy Shield Pro service and a one-time cash payment of $17.50. The objection, exclusion, and claims deadline is June 15, 2026. The final fairness hearing has been scheduled for August 24, 2026.

The post Southern Illinois Healthcare Enterprises Pixel Settlement Approved appeared first on The HIPAA Journal.

Settlements have received preliminary approval from the courts to resolve class action data breach lawsuits against Dove Healthcare Management Services and Blackstone Valley Community Health Care over the exposure of plaintiffs’ private information in 2023 and 2024 hacking incidents.

Dove Healthcare Management Services Data Breach Settlement

Dove Healthcare Management Services, a provider of nursing and rehabilitation care, assisted living, and palliative care services, has agreed to a settlement to resolve litigation over a July 2024 cyberattack that exposed the private information of patients and employees.

Cybercriminals breached its information systems on or around July 6, 2024, exposing names, dates of birth, Social Security numbers, driver’s license numbers, full face photographs, health information, and health insurance information. The affected individuals began receiving notifications about the incident on March 18, 2025. The first class action lawsuit was filed on March 26, 2025, followed by several similar lawsuits. The complaints were consolidated into a single action in the Circuit Court of Eau Claire County, Wisconsin.

The consolidated lawsuit – Miranda Meredith, et al. v. Dove Healthcare Management Services, LLC – alleged that the defendant was to blame for the intrusion and data exposure and could have prevented it if industry-standard cybersecurity measures had been implemented. The defendant denies all claims in the lawsuit, including claims of wrongdoing, fault, and liability. After several months, all parties agreed on the material terms of a settlement to bring the litigation to an end, with no admission of wrongdoing or liability by the defendant. The settlement has now been finalized and has received preliminary approval from the court.

Settlement Benefits:

Two years of complimentary credit monitoring and identity theft protection services, plus one of the following cash payments:

• Reimbursement of documented, unreimbursed losses up to a maximum of $3,000 per class member, which may include up to three hours of lost time at $20 per hour, or
• A pro rata alternative cash payment, estimated to be approximately $50

The cash benefits are subject to a $150,000 cap. The alternative cash payments will be paid from the remainder of the $150,000 fund after claims have been paid, and are subject to a pro rata decrease, depending on the number of claims received.

In addition to those benefits, the defendant has agreed to make cybersecurity enhancements, the cost of which will be paid by the defendant in addition to the settlement costs. The objection and exclusion deadline is June 22, 2026. The deadline for submitting a claim is July 7, 2026, and the final fairness hearing has been scheduled for July 20, 2026.

Blackstone Valley Community Health Care Data Breach Settlement

Blackstone Valley Community Health Care, a federally funded community health center in Rhode Island, has settled a class action lawsuit filed by plaintiff Alba Peralta Perez, who was affected by a 2023 data incident. The defendant identified suspicious activity within its network on November 11, 2023, and confirmed that an unauthorized third party had access to patients’ names and Social Security numbers.

The lawsuit – Perez v. Blackstone Valley Community Health Care, Inc. – was filed in the District Court for the District of Rhode Island. After being briefed on the defendant’s motion to dismiss, the federal action was voluntarily dismissed by the plaintiff without prejudice due to questions over the federal court’s jurisdiction. The action was subsequently refiled in the Superior Court of Providence County, Rhode Island. All parties agreed to settle the lawsuit to avoid the costs and risks associated with a trial, with no admission of wrongdoing or liability by the defendant.

Settlement Benefits:

Class members are entitled to enroll in three years of credit monitoring services and may also claim one of the following two cash benefits, the cap for which is set at $525,000. Should that cap be exceeded, claims will be paid pro rata.

• Reimbursement for documented ordinary expenses
• Reimbursement for documented extraordinary expenses (losses from identity theft or fraud).
• Reimbursement for lost time – Up to four hours at $20 per hour

The objection, exclusion, and claims deadline is June 1, 2026. The final fairness hearing has been scheduled for June 23, 2026.

The post Settlements Agreed to Resolve Two Class Action Healthcare Data Breach Lawsuits appeared first on The HIPAA Journal.

SAG-AFTRA Health Plan has settled a class action lawsuit over a September 2024 email data breach. Hackers gained access to the health plan’s email systems between September 17 and September 18, 2026, after employees responded to phishing emails. The attack exposed sensitive personal and protected health information, which was potentially copied by the hackers.

Data compromised in the incident included names and Social Security numbers and, for some individuals, health information, claims information, and plan participant identification numbers. The breach was reported to the HHS’ Office for Civil Rights initially as affecting 35,592 individuals, although that total was later increased to 98,474 individuals. The lawsuit states that approximately 94,546 notification letters were mailed.

The first class action lawsuit over the data breach was filed by plaintiffs Matthew Rouillard and Kristy Munden in December 2024, and a further three class action lawsuits were subsequently filed by other plaintiffs. The lawsuits had overlapping claims, so were consolidated into a single action – In re SAG Health Data Breach Litigation – in the U.S. District Court for the Central District of California.

The consolidated lawsuit asserted several claims, including negligence and violations of California laws. To avoid the expense, distraction, and uncertainty of a trial and related appeals, SAG-AFTRA Health Plan and the plaintiffs agreed to a settlement. SAG-AFTRA Health Plan has agreed to establish a $950,000 settlement fund to cover attorneys’ fees and expenses, claims administration costs, service awards for the class representatives, and benefits for the class members.

Class members may submit a claim for reimbursement of documented, unreimbursed losses due to the data breach up to a maximum of $5,000 per class member. A claim may also be submitted for a pro rata cash payment, which will be paid from the remaining funds after claims and costs have been deducted. Individuals who were not California residents at the time of the data breach will receive one pro rata share of the remainder of the settlement fund, and California residents will receive two shares.

All class members will receive an 18-month membership to a credit monitoring and identity theft protection service, even if they do not submit a claim for reimbursement of losses or a cash payment. Claims must be submitted by July 23, 2026. The deadline for objection and exclusion is June 23, 2026, and the final fairness hearing has been scheduled for September 24, 2026.

December 13, 2026: SAG-AFTRA Members Sue Health Plan Over Email Breach

A class action lawsuit has been filed by members of the Screen Actors Guild – American Federation of Television and Radio Artists (SAG-AFTRA) health plan over a recent email phishing attack that exposed their protected health information. An unauthorized third party accessed an employee’s email account between September 17 and September 18, 2024, after the employee responded to a phishing email and potentially viewed or copied names, Social Security numbers, health insurance information, and claims information. The breach was reported to the HHS’ Office for Civil Rights as affecting 35,592 individuals, and individual notifications were mailed on December 2, 2024. The total was later increased to 98,474 individuals.

Three days after notification letters were mailed, a lawsuit was filed by Clarkson Law Firm P.C. in the U.S. District Court in Los Angeles that names SAG-AFTRA members Matthew Rouillard and Kristy Munden as plaintiffs. The lawsuit alleges SAG-AFTRA failed to implement reasonable and appropriate cybersecurity measures to prevent unauthorized access to members’ sensitive data, which was exfiltrated in the attack, failed to adequately monitor its network and computer systems, and failed to issue timely notifications about the breach. Notification letters were sent more than 2 months after the email account breach was discovered.

The lawsuit alleges the plaintiffs and class members have suffered injuries such as out-of-pocket expenses associated with preventing, detecting, and remediating identity theft, social engineering, and fraud; lost opportunity costs while attempting to mitigate the consequences of the data breach; lost time; an invasion of privacy; diminution in value of their private information; and an increased risk of identity theft and fraud.

The lawsuit claims that in light of the data breach and lack of cybersecurity protections, members overpaid for their health plans. The lawsuit asserts claims of unjust enrichment, invasion of privacy, negligence, breach of express warranty, and violations of the California Civil Code (Deceit by concealment), California Unfair Competition Law (Business & Professions Code), and the California Confidentiality of Medical Information Act.

The lawsuit seeks class action status, a jury trial, monetary damages, restitution, and an order from the court requiring adequate security protocols to be implemented, proper notice to be provided to the affected individuals, and prohibiting the health plan from engaging in further wrongful acts.

The post SAG-AFTRA Health Plan Settles Lawsuit Over 2024 Phishing Incident appeared first on The HIPAA Journal.

South Texas Oncology and Hematology, a San Antonio, TX-based provider of leading-edge cancer treatment and other medical services, has settled a class action lawsuit stemming from a February 2024 cyberattack and data breach that involved unauthorized access to the personal information of 176,303 individuals, including the protected health information of 175,195 individuals.

Suspicious network activity was identified on February 15, 2024, and the forensic investigation confirmed that an unauthorized individual accessed its network and potentially obtained employee and patient information. Data exposed in the incident included names, contact information, dates of birth, health information, and Social Security numbers. The affected individuals were notified about the incident in June 2024.

The first class action lawsuit over the data breach was filed by plaintiff Doris Flores on June 24, 2024, in the U.S. District Court for Bexar County, Texas, 438^th Judicial District. Several other lawsuits were subsequently filed, and since they made similar claims and had overlapping classes, the plaintiffs’ counsel agreed to work cooperatively and litigate in a single action – Flores v. South Texas Oncology and Hematology, PLLC.

The consolidated lawsuit alleged that the defendant failed to implement reasonable and appropriate cybersecurity measures to protect sensitive data on its network, and that the data breach should have been prevented. South Texas Oncology and Hematology maintains that there was no wrongdoing, there is no liability, and denies all claims and contentions in the lawsuit. The defendant and the plaintiffs agreed to a settlement to avoid the costs and risk associated with a trial, with no admission of fault or liability.

The settlement has received preliminary approval from the court, and the final fairness hearing has been scheduled for July 21, 2026. Under the terms of the settlement, South Texas Oncology and Hematology has agreed to pay $1,075,000 to cover attorneys’ fees and expenses, settlement administration and notification costs, service awards for the class representatives, and benefits for the class members.

Class members may submit a claim for reimbursement of up to $5,000 in documented, unreimbursed losses due to the data breach, or they may claim an alternative pro rata cash payment. The cash payments are estimated to be $100 per class member, but may be higher or lower depending on the number of valid claims received. In addition to one of those benefits, class members may also claim two years of free medical data monitoring services. Claims must be submitted by July 6, 2026, and individuals wishing to object to the settlement or exclude themselves must do so by June 22, 2026.

The post South Texas Oncology and Hematology Pays $1.1M to Settle Data Breach Lawsuit appeared first on The HIPAA Journal.

Alabama Ophthalmology Associates, P.C., has settled a class action lawsuit that was filed in response to a January 2025 cyberattack on its computer systems. The intrusion was identified on January 30, 2025, and the forensic investigation confirmed unauthorized access to its network between January 22 and January 30, 2025.

The hackers had access to files containing names, dates of birth, Social Security numbers, medical record numbers, treatment information, medical history information, and health insurance information. The Alabama Ophthalmology data breach affected 131,576 individuals, and notification letters were mailed in April 2025. Multiple class action lawsuits were filed in response to the data breach, which were consolidated as they had overlapping claims – In re Alabama Ophthalmology Associates, P.C., Data Breach Litigation – in the Circuit Court of Jefferson County, Alabama.

The consolidated lawsuit alleged that the defendant failed to implement reasonable and appropriate safeguards to protect sensitive data on its network, resulting in unauthorized access and exposure of patient data, and failed to issue adequate breach notifications. The lawsuit asserted claims for negligence, negligence per se, breach of contract, breach of implied contract, breach of fiduciary duty, breach of confidence, invasion of privacy, fraud, misrepresentation, unjust enrichment, bailment, wantonness, and failure to provide adequate notice pursuant to any breach notification statute or common law duty.

The defendant denies all claims and contentions in the lawsuit and maintains that there was no wrongdoing and that there is no liability. To avoid further legal costs and the uncertainty of a trial, all parties explored early resolution of the lawsuit, and a settlement was ultimately agreed upon that was acceptable to all parties.

Class members are entitled to claim two years of medical data monitoring and identity theft protection services, plus one of two cash payments. A claim may be submitted for documented, unreimbursed losses due to the data breach up to a maximum of $5,000 per class member, or a claim may be submitted for an alternative pro rata cash payment, the value of which will depend on the number of valid claims received. The cash payments are expected to be around $60 per class member. The deadline for objection and exclusion is June 5, 2026. Claims must be submitted by June 25, 2026, and the final fairness hearing has been scheduled for July 6, 2026.

The post Alabama Ophthalmology Associates Data Breach Settlement Gets First Nod appeared first on The HIPAA Journal.

Tempus AI, a publicly traded healthcare artificial intelligence company, is facing multiple class action lawsuits over the alleged unauthorized collection and disclosure of genetic testing results, which were derived from genetic testing by Ambry Genetics Corporation (Ambry Genetics).

Ambry Genetics offers comprehensive genetic testing services, including screening and diagnosis of inherited and non-inherited diseases. Tempus AI was founded in 2015 and builds tech solutions around clinical care and research products. In February 2025, Tempus AI acquired Ambry Genetics for $600 million, and as a condition of the acquisition, Ambry Genetics was required to disclose its vast database of genetic data to Tempus AI. The database contained the genetic information of hundreds of thousands of individuals.

Tempus AI used Ambry Genetics’ genetic database to train its AI models. Tempus AI had signed agreements with more than 70 companies, including large and mid-sized pharmaceutical firms such as AstraZeneca, Bristol Myers Squibb, Pfizer, and GlaxoSmithKline, and biotechnology firms such as Incyte, Servier, Aspera Biomedicines, and Whitehawk Therapeutics. Genetic data derived from Ambry Genetics testing services was provided to those clients under those agreements.

Several class action lawsuits were filed against Tempus AI over the use of genetic data to train the AI models and the subsequent disclosures of genetic data. The lawsuits were consolidated into a single complaint – Farrier et al v. Tempus AI, Inc. – on April 15, 2026, in the U.S. District Court for the Northern District of Illinois. The lawsuit alleges that Tempus AI violated the Illinois Genetic Information Privacy Act (GIPA) and other state statutes by compelling Ambry Genetics to disclose the genetic data collected through its testing services and violating the same laws by disclosing the genetic data through its agreements with third-party partners. The lawsuit claims that Tempus AI has profited enormously from selling genetic data without the knowledge or written consent of the data subjects. The lawsuit alleges that the class members’ genetic data was disclosed to those clients in deals totaling $1.1 billion.

Tempus AI claims to have a clinical and molecular data library consisting of 45 million de-identified patient records, including 8.5 million clinical records, 2 million medical images, and 1 million matched clinical-genomic records. The lawsuit alleges that Tempus AI and Ambry Genetics misled the public by claiming that they only disclose de-identified genetic information, when that is not the case. Further, the lawsuit claims that genetic information “cannot be deidentified because such data serves as an inherently unique biomarker,” and like DNA, the information is inherently identifiable.

The 21-count lawsuit asserts claims for negligence, unjust enrichment, fraudulent concealment, Conversion, invasion of privacy-intrusion upon seclusion, breach of contract, breach of implied contract, breach of fiduciary duty, and violations of consumer and data protection laws, deceptive trade practices laws in California, Florida, Georgia, Illinois, Michigan, New York, and West Virginia.

The plaintiffs seek a jury trial and damages, injunctive relief, and any other remedies that the Court deems appropriate to redress Tempus AI’s alleged unlawful and unauthorized data collection and disclosures, including an order from the court compelling Tempus AI to cease sharing individuals’ genetic data without first providing the data subjects with proper notice and obtaining their written consent.

The post Healthcare AI Firm Sued Over Alleged Unlawful Disclosures of Genetic Data appeared first on The HIPAA Journal.

A class action lawsuit filed against Absolute Dental Group, LLC, and Judge Consulting, Inc., over a 2025 data breach has been settled for $3,300,000. Absolute Dental is a Nevada-based dental care provider, and Judge Consulting is a provider of technology consulting, staffing solutions, and corporate training services. Absolute Dental contracted with Judge Consulting as its managed services provider and was responsible for the daily management and operations of Absolute Dental’s IT systems.

Absolute Dental identified suspicious activity within its network on February 26, 2025, and the forensic investigation confirmed that an unauthorized third party accessed its network between February 19, 2025, and March 5, 2025. Access was gained through an account associated with Judge Consulting. The hackers had access to names, contact information, Social Security numbers, driver’s license numbers, health information, health insurance information, financial information, and other sensitive data. The data breach was one of the largest of the year, affecting 1,223,635 individuals.

Several class action lawsuits were filed in response to the data breach, which were consolidated into a single complaint – Jordan et al. v. Absolute Dental Group, LLC, et al., – in the U.S. District Court for the District of Nevada. The lawsuit alleged that the defendants failed to adequately secure patient data, failed to properly monitor their systems for intrusions, and failed to provide timely notice to the victims of the breach. The lawsuit asserted claims for negligence, negligence per se, breach of contract, breach of implied contract, unjust enrichment, breach of fiduciary, breach of confidence, invasion of privacy, violations of the Nevada Privacy of Information Collected on the Internet From Consumers Act, and declaratory and injunctive relief.

Following mediation, the plaintiffs and the defendants agreed to a settlement that was acceptable to all parties, with no admission of wrongdoing, fault, or liability by the defendants. A $3,300,000 settlement fund will be established to cover attorneys’ fees and expenses, settlement administration and notification costs, and service awards for the five class representatives. The remainder of the settlement fund will be used to pay for benefits for the class members.

Class members may choose to submit a claim for reimbursement of documented, unreimbursed losses due to the data breach up to a maximum of $5,000 per class member, or they may claim an alternative pro rata cash payment, the value of which will depend on the number of valid claims received. Residents of California at the time of the data breach also qualify for an additional cash payment. The deadline for objection to and exclusion from the settlement is June 9, 2026. Claims must be submitted by June 18, 2026, and the final approval hearing has been scheduled for July 30, 2026.

The post Absolute Dental Settles Class Action Data Breach Lawsuit for $3.3M appeared first on The HIPAA Journal.

Tangoe, a provider of software solutions for managing telecom, mobile, and cloud expenses, has agreed to a settlement to resolve a class action lawsuit stemming from a November 2022 security incident. Tangoe experienced a cyberattack, exposing sensitive data such as names, dates of birth, Social Security numbers, medical information, health insurance information, medication information, billing and claims information, and financial account information. Hackers had access to its systems between November 15, 2022, and November 17, 2022.

The breach affected some of its healthcare clients and involved unauthorized access to the protected health information of 4,765 individuals, according to the breach notice filed with the HHS’ Office for Civil Rights. While the breach occurred in November 2022, it took until November 1, 2023, for the affected individuals to be notified. A lawsuit – Kevin McLinden v. Tangoe US, Inc.– was filed in the Superior Court for Marion County, Indiana, over the data breach, alleging Tangoe failed to implement reasonable and appropriate cybersecurity measures, leading to an entirely preventable data breach. Tangoe denies all claims and contentions in the lawsuit, including claims of wrongdoing, fault, and liability.

After prolonged and extensive arm’s length negotiations, all parties agreed to a settlement to avoid the expense and length of protracted litigation and the uncertainty of a trial and any related appeals. Under the terms of the settlement, class members are entitled to claim two years of credit monitoring services, which include a $1 million identity theft insurance policy. In addition to the credit monitoring services, class members may claim one or more cash payments.

A claim may be submitted for compensation for documented, unreimbursed ordinary losses due to the data breach incurred between November 2022 and June 3, 2026. Claims for reimbursement of ordinary losses have been capped at $750 per class member. A claim may also be submitted for compensation for lost time up to a maximum of four hours at $25 per hour ($100). The lost time claims are included in the $750 ordinary losses cap.

A claim may also be submitted for reimbursement of extraordinary losses, such as documented, unreimbursed losses due to identity theft and fraud. Claims for extraordinary losses have been capped at $5,000 per class member. If a claim for reimbursement of losses/lost time is not submitted, class members are eligible to claim an alternative pro rata cash payment. The cash payments will be paid from the remainder of the settlement fund, and are expected to be around $50, but may be higher or lower depending on the number of claims received. No proof is required to submit a claim for an alternative cash payment.

The deadline for exclusion and objection to the settlement is May 4, 2026. Claims must be submitted by June 3, 2026, and the final fairness hearing has been scheduled for June 11, 2026. Individuals who do nothing will receive no benefits and will lose the right to sue the defendant over the data breach or participate in other lawsuits related to the data breach.

The post Tangoe Data Breach Settlement Receives Preliminary Approval appeared first on The HIPAA Journal.