A New Mexico federal judge has approved a settlement proposed by Rehoboth McKinley Christian Health Care Services for resolving claims arising out of a February 2021 cyberattack. Individuals who incurred out-of-pocket expenses and lost time in response to the data breach will be compensated by the terms of the settlement up to a maximum ceiling of $4000 per person.
Settlement website – RehobothDataSettlement.com
Objection deadline – 04/10/2023
Exclusion deadline – 04/10/2023
Claim Form – https://secureforms.krollsettlementadministration.com/DynamicForms2/1585/Form/659247de-b7b6-4e34-8c4d-bc7bf1bd9e50
Deadline for submitting the claim – 05/09/2023
Final Hearing date – 05/24/2023
Settlement amount – Undisclosed
Potential claim amount – Up to $4,000
Proof of purchase – Documents of data breach-related expenses and monetary losses
A 60-bed intensive care hospital and an outpatient clinic are operated by Rehoboth McKinley Christian Health Care Services for providing home health care services in eastern Arizona and northwestern New Mexico. However, a security breach was detected in February 2021 and the investigation revealed that unauthorized individuals gained access to its network between 21st January to 5th February 2021. The malicious people gained access to the sensitive health information of 191000 patients including their names, contact details, medical information, social security numbers, and health insurance info. Though the data breach was discovered on 16th February, it was only around 19th May 2021 that the patients were notified of the data breach and that their private info has fallen into wrong hands.
A class action lawsuit settlement was filed for the first time on June 2021 alleging that Rehoboth McKinley Christian Health Care Services failed to put safeguards that could have prevented unauthorized access to health credentials by a third party. They were also blamed for making unnecessary delays in notifying the affected individuals about the breach. The lawsuit further alleged that the actions of Rehoboth McKinley Christian Health Care Services completely violated both Arizona and New Mexico consumer protection statutes in terms of intrusion upon seclusion, negligence, breach of fiduciary duty, and breach of implied contract.
Rehoboth McKinley Christian Health Care Services argued that it wasn’t their actionable duty to protect the plaintiffs’ data and this was ruled out by a U.S. District Court judge. The defendants agreed to resolve all claims brought against it with a settlement. 191009 class members can submit claims up to $500 to recover out-of-pocket expenses including 4 hours of lost time at $15 per hour. Bank fees, cell phone, and data charges, long-distance phone charges, gasoline for local travel, postage, credit monitoring and identity theft insurance services and credit report fees fall under the definition of ordinary expenses.
Class members can also submit claims for documented extraordinary out-of-pocket expenses up to a maximum ceiling of $3500. This settlement will cover the entire $4000 for all class members, unlike most other settlements where payments are made on a pro-rata basis. Class members will also be eligible for complimentary credit monitoring services for two years regardless of if they incurred out-of-pocket losses. Once the settlement is finalized, they will receive an activation code and instructions for enrolling in these free services. The defendants have also agreed to strengthen their data security parameters to prevent the occurrence of such incidents in the upcoming days.