Florida Orthopaedic Institute settles lawsuit after 2020 ransomware incident
Top Class Actions reports that Florida Orthopaedic Institute, ooerated by the Musculoskeletal Institute, has agreed to pay $4 million to settle claims stemming from a 2020 ransomware attack.
The incident was first disclosed in June 2020, and then reported to HHS on July 1 as affecting 640,000 patients. There is no notation in HHS’s public breach tool to indicate that any investigation, if opened, has been closed, so this incident may still be under federal review. DataBreaches is unable to confirm that or discount that possibility as HHS will never confirm or deny if it has an open investigation.
According to the entity’s notification to the California Attorney General’s Office, the data types included patient name, date of birth, Social Security number, medical information related to appointment times, physician locations, diagnosis codes, and payment amounts, insurance plan identification number, payer identification number, claims address, and/or FOI claims history.
The case is Stoll et al. v. Musculoskeletal Institute, Case No. 8:20-cv-01798-CEH-AAS, in the U.S. District Court for the Middle District of Florida
The deadline for opting out or objecting to the settlement has passed, and final approval will be determined by the court on September 29.
Read more at Top Class Actions.
For documents and details related to the settlement, consult the official settlement website at FLOrthoSettlement.com.