Settlement Website: RXDataIncident.com
Objection Deadline: 05/17/2022
Exclusion Deadline: 05/17/2022
Claim Form: https://secureforms.krollsettlementadministration.com/DynamicForms2/1529/Form/e59afd33-d4b3-4445-bb07-1020158f3a44
Deadline For Submitting Claim: 06/27/2022
Final Hearing Date: 06/23/2022
Settlement Amount: $4.75 million
Proof Of Purchase: Not applicable
Potential Claim Amount: Under the settlement terms, the national Class members are eligible for a cash payment of $25. The California subclass members can claim an additional payment of $75 making their total recovery $100. As per the settlement website, the exact amount of these payments might increase or decrease depending on the number of valid claims filed with the settlement. If any funds remain after these payments, then the same shall be paid to a charitable recipient and won’t be returned to CaptureRx.
A class-action lawsuit has been filed against CaptureRx alleging the third-party pharmacy management system of failure to protect consumer data during its 2021 data breach. This $4.75 million settlement is expected to benefit a nationwide consumer class who was notified by CaptureRx of being affected by the February 2021 data breach. A California Subclass of the same consumers who were residents of California while being notified by the company about the data breach is also included in the settlement. CaptureRx helps facilitate transactions, manage inventory and undertake similar functions which aid various hospitals and pharmacies around the country with system management. The personal information of patients of these hospitals and pharmacies might have been compromised in a 2021 data breach.
This data breach was detected for the first time on 19th February 2021. An investigation conducted later on revealed that unauthorized third parties gained access to these sensitive credentials on 6th February 2021. However, the affected clients came to know about the same in late March and early April of 2021. A total of 1.9 million individuals were affected by this data breach as patient information like names, prescription information, date of birth, and medical records were compromised in the breach causing various patients to take legal action against CaptureRx.
CaptureRx had adequate security systems in place to ensure the security and privacy of the healthcare data. Nonetheless, the attackers managed to bypass those protections. All policies and procedures of CaptureRx have been reviewed and enhanced following the attack and additional training has been given to the workforce to limit the risk of further security breaches in days to come.
A plaintiff took legal action against Walmart and CaptureRx anonymously in May 2021 as the companies failed to safeguard sensitive data and thus “betrayed” customers who faced risks of identity theft and fraud. The plaintiff added that personal health information and personal identifiable information of patients and other class members were inadequately protected, improperly handled, readily available for being copied by thieves, and not stored under basic security protocols. According to data published by quantitative and qualitative research provider Javelin Strategy & Research, this data breach made the class members approximately 9.5 times more vulnerable to identity theft and fraud compared to the general public.
The lawsuit has brought charges of negligence, violations of the California Confidentiality of Medical Information Act, and invasion of privacy against the defendants. Though CaptureRx hasn’t admitted to any wrongdoing, they have agreed to resolve all claims with a $4.75 million settlement. If this settlement is not granted final approval, then the company would consider bankruptcy.