A $2.4 million settlement has received final approval from the court to resolve a class action lawsuit against Somnia Inc. and others over a 2022 cyberattack and data breach.

Somnia manages anesthesiology services at more than a hundred surgery centers across the country. In the summer of 2022, Somnia experienced a cyberattack that saw hackers access parts of its network where patient information was stored. The forensic investigation confirmed that names, Social Security numbers, dates of birth, driver’s license numbers, financial account information, health insurance policy numbers, medical record numbers, Medicaid/Medicare IDs, and health information were potentially compromised. More than 450,000 individuals had their information exposed in the incident.

Several lawsuits were filed in response to the breach against Somnia, Anesthesia Services of San Joaquin, Palm Springs Anesthesia Services, Resource Anesthesiology Associates of IL, Resource Anesthesiology Association of NM, and Anesthesia Associates of El Paso. The lawsuits were consolidated into a single lawsuit as they all asserted similar claims and were based on the same facts.  The plaintiffs claimed that Somnia was negligent by failing to implement appropriate cybersecurity safeguards to ensure the privacy and confidentiality of the data stored on its network, did not follow industry security standards, and was not fully compliant with the HIPAA Rules.

The plaintiffs claimed they had suffered harm as a result of the data breach, including being placed at an elevated risk of identity theft and fraud. They also alleged that data breach notification letters were delayed and did not contain adequate information about the data breach, including the exact types of information that were stolen. The defendants denied and continue to deny any wrongdoing, and maintain the plaintiffs’ claims have no merit; however, the decision was taken to settle the litigation to prevent further legal costs and to avoid the risks and uncertainties associated with continuing to fight the litigation.

Under the terms of the settlement, a $2,425,000 settlement fund has been established to cover claims from class members for unreimbursed, documented out-of-pocket losses that are plausibly traceable to the data breach. $1 million of the settlement will be paid to the plaintiffs’ lawyers, $50,295 will be deducted to cover litigation expenses, and each of the 9 named plaintiffs will receive a $1,000 service award. The remainder of the settlement will cover class members’ claims, which were capped at $2,500 per class member. Any remaining funds in the settlement fund after claims and expenses have been paid will be paid pro rata to the class members.

The post Somnia’s $2.4 Million Data Breach Settlement Receives Final Approval appeared first on The HIPAA Journal.